Messages

1

22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8

« on: May 26, 2022, 09:39:47 pm »

I just installed the hotfix and my aliases return the correct networks under Diagnose > Aliases.
My firewall rules are working as expected again!

Thank you for the quick response!

2

22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8

« on: May 26, 2022, 09:10:35 pm »

I'm also affected by this bug.
It seems to be only with network and ports aliases, host aliases are not affected and still return the valid results under Diagnose > Aliases.

The Geo aliases are still filled with networks, so those seem to work as well.
The Spamhaus aliases are also still filled so remote aliases seem to work.

Ports aliases don't even show up under diagnose > Aliases.

Running the update_tables.py gives the result "Ok" but no changes in the aliases.

3

22.1 Legacy Series / Question about policy based routing

« on: April 10, 2022, 08:55:01 pm »

Hello!

I have a question about the Gateway / policy based routing options on the firewall.
When i have for example a LAN and GUEST network, and 2 WAN connections.
WAN1 has a gateway with priority 10, and WAN2 has a gateway with priority 20.
There is a gateway group which has WAN2 as tier 1, and WAN1 as tier 2.
LAN has an allow all rule with gateway set to "default".
GUEST has an allow all rule with gateway set to the gateway group mentioned above, so that GUEST will use WAN2 as default, and fall back to WAN1 when WAN2 is down.

GUEST can't ping LAN despite the allow all rule, but that is because it uses the gateway group, so that is expected.
What I find unexpected is that LAN can ping to the GUEST network and get a ping reply from a device in the GUEST network, despite the GUEST network using the gateway group.
How does the device on the GUEST network know the route back? Is this because there is some kind of connection tracking causing this?

Can someone help me understand how this works?

Thanks in advance!