A firewall rule pattern that consistently causes issues

Started by opnseeker, Today at 02:47:05 AM

I have an interface group with a rule that sends all internet traffic over a gateway (can be the default or VPN).

The above rule is set up with FirstMatch disabled so that I can have rules in individual interfaces that can override the gateway.

When I have a rule in one of the member interfaces to redirect traffic from a specific IP address over a different gateway with FirstMatch enabled, I expect the traffic from that specific IP address to be sent over the 2nd gateway while the rest use the first gateway (set in the group rule).

But it doesn't work. The traffic that matches the rule in the interface is rejected or blocked. Many times, traffic from the entire interface containing the override rule is blocked.

This seems to happen quite consistently. I have two instances with the above pattern and both have the same issue.

If the override rule blocks traffic instead of redirecting it over a different gateway, it seems to work as expected.

Is this the way it is supposed to work or is it a bug?

Please post all details of the rules in question.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)