[Firewall] Configuring allow all in/out on a WAN interface

Started by breisbrenny, February 22, 2022, 05:19:05 PM

Hi there,
We have a customer traffic network which should allow all WAN traffic in/out directly to the machines!

There is no NAT on this network, the subnet goes straight upstream and the machines are connected directly to this WAN with a public IP address.

The default deny rule, although we have Allow all in/out to WANCustomer set, keeps stopping TCP/UDP (but oddly not ICMP) traffic from hitting the servers.

Any ideas on how we can figure out why the allow rule is being ignored/manually set a default deny rule on other interfaces and remove the floating one?


Update!

We've figured out UDP + ICMP pass without an issue; the default deny rule is only catching TCP packets, although there is a rule in-spec to allow the traffic!