OPNsense Forum

English Forums => General Discussion => Topic started by: alexz707 on January 04, 2022, 01:23:47 PM

Title: Firewall Rule is bypassed sometimes
Post by: alexz707 on January 04, 2022, 01:23:47 PM
Hi!

I have a VLAN (IOT, 10.77.73.0) which has a rule to allow port 80 & 443 TCP.

Action  Proto     Source   Port  Destination         Port      Gateway  Schedule  Description
Block   IPv4 *    IOT net  *     All_Interfaces net  *         *        *         Block inter VLAN
Allow   IPv4 TCP  IOT net  *     *                   Webports  *        *         Http(s)

The Webports Alias is a port alias for 80, 443.


In the live log I can see the rule is working and allows several requests to port 80 as well as 443.
But there are some requests which are blocked by the default rule which means the Http(s) rule is not matching.

e.g. 10.77.73.25:45804   54.225.172.93:80   tcp   Default deny rule

The Details are the following:

__timestamp__   Jan 4 12:50:08
ack   3469399858
action   [block]
anchorname   
datalen   0
dir   [in]
dst   54.225.172.93
dstport   80
ecn   
id   40189
interface   igb1_vlan73
interface_name   IOT
ipflags   DF
ipversion   4
label   Default deny rule
length   52
offset   0
protoname   tcp
protonum   6
reason   match
rid   02f4bab031b57d1e30553ce08e0ec131
rulenr   19
seq   2446294116
src   10.77.73.25
srcport   45804
subrulenr   
tcpflags   FA
tcpopts   
tos   0x0
ttl   64
urp   1369


Can anyone tell me why my rule isn't matching? As far as I understand, my rule should match?
If you need more info just tell me - would be happy to solve that "problem" ;-)

Thanks
Alex
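An added example, not from the post and not OPNsense's own code: a small Python script that reads live-log records in the key/value layout quoted above and sorts the blocked TCP packets by what their flags say. pf evaluates the ruleset only for packets that match no existing state, and a TCP pass rule with the default flags S/SA creates state only for a bare SYN; so a block entry whose tcpflags are just S is a new connection the ruleset really refused, while a blocked FA, A or R packet (as in the record above) arrived after its state entry was gone and fell through to the default deny without the pass rule being able to match it again. The first sample record reproduces the fields of the record in the post; the two other records and the port set are constructed for illustration.

```python
"""Sort OPNsense live-log entries by what their TCP flags say about the block.

Added example: the records below are constructed in the key/value layout of the
live-log detail view; the first one repeats the fields quoted in the post.
"""
import re
from collections import Counter

RECORD_FROM_POST = """\
__timestamp__   Jan 4 12:50:08
action   [block]
anchorname
dir   [in]
dst   54.225.172.93
dstport   80
interface   igb1_vlan73
interface_name   IOT
label   Default deny rule
protoname   tcp
rulenr   19
src   10.77.73.25
srcport   45804
tcpflags   FA
"""

# Constructed: a bare SYN to another VLAN, refused by the inter-VLAN block rule.
CONSTRUCTED_BLOCKED_SYN = """\
__timestamp__   Jan 4 12:51:30
action   [block]
dst   10.77.10.5
dstport   22
interface_name   IOT
label   Block inter VLAN
protoname   tcp
src   10.77.73.25
srcport   51012
tcpflags   S
"""

# Constructed: a bare SYN to 443 that the Http(s) rule passed.
CONSTRUCTED_PASSED_SYN = """\
__timestamp__   Jan 4 12:51:31
action   [pass]
dst   54.225.172.93
dstport   443
interface_name   IOT
label   Http(s)
protoname   tcp
src   10.77.73.25
srcport   51013
tcpflags   S
"""

WEB_PORTS = {80, 443}  # the Webports alias from the post

# key, at least two spaces, value: the detail view pads keys with spaces
KEY_VALUE = re.compile(r"^(\S+)\s{2,}(.*)$")


def parse_record(text):
    """Turn one key/value detail block into a dict; a key with no value maps to ''."""
    rec = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = KEY_VALUE.match(line)
        if m:
            rec[m.group(1)] = m.group(2).strip()
        else:
            rec[line.strip()] = ""
    return rec


def classify(rec):
    """Explain a block entry from the TCP flags.

    A blocked bare SYN is a connection attempt the ruleset refused. A blocked
    packet without SYN (FIN/ACK, ACK, RST) belongs to a flow whose state entry
    no longer exists, so it was re-evaluated against the rules, did not fit a
    pass rule with flags S/SA, and reached the default deny.
    """
    action = rec.get("action", "").strip("[]")
    if action == "pass":
        return "pass"
    if rec.get("protoname") != "tcp":
        return "block-non-tcp"
    flags = set(rec.get("tcpflags", ""))
    if "S" in flags and "A" not in flags:
        return "block-new-connection"
    return "block-out-of-state"


def needs_rule_review(rec, allowed_ports=WEB_PORTS):
    """True only when a new connection to a port the pass rule covers was refused;
    that is the one case where the ruleset itself deserves a second look."""
    return (classify(rec) == "block-new-connection"
            and int(rec.get("dstport", 0)) in allowed_ports)


def summarize(records):
    """Count verdicts over a batch of parsed records."""
    return Counter(classify(r) for r in records)


if __name__ == "__main__":
    batch = [parse_record(t) for t in
             (RECORD_FROM_POST, CONSTRUCTED_BLOCKED_SYN, CONSTRUCTED_PASSED_SYN)]
    for r in batch:
        print(f"{r['src']}:{r['srcport']} -> {r['dst']}:{r['dstport']} "
              f"flags={r.get('tcpflags', '-'):3} {r['label']!r}: {classify(r)}"
              + ("  <- check ruleset" if needs_rule_review(r) else ""))
    print(dict(summarize(batch)))
```

Run against a batch of exported records, the summary separates the two questions a practitioner actually has: whether new connections to 80/443 are being refused (a ruleset or alias problem) or whether only late FIN/ACK and RST packets are landing on the default deny (state lifetime, not rule order).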