Hello All,
I have a few Site to Site IPSEC VPNs set up between me and a number of locations.
I was running V8 8.103 and had no problems - everything was working fine.
I decided to use up2date to get to the latest version 8.301 and this updated fine.
After the update the VPN tunnels status shows green and I can ping to devices at remote locations.
However, anything more results in a firewall block due to the Default Drop Rule.
I did not change any settings between the updates.
My firewall rules are fairly simple:
#1 Allow Internet(Network) -- Any --> VPN-0-LAN (192.168.0.0/16)
#2 Allow VPN-0-LAN (192.168.0.0/16) -- Any --> Internal(Network)
#3 Deny Any -- Any -- Any
All my remote networks have a /16 IP range, e.g. 192.168.120.X, 192.168.121.X, etc.
My Network is 192.168.150.0/24
I found that if I change rule #3 to Allow Any -- Any -- Any, then everything works fine - so it is clear that the VPN is fine and it is something to do with the firewall.
Disabling #3 does not do anything as the drop is being done due to the Default Drop Rule.
Through trial and error, I found that if I now enable Automatic Firewall Rules in my IPSEC connection, then all works fine.
However this does not explain what I am doing wrong or what has changed :confused:
In a similar way the remote devices use my Gateway for NTP services.
Now they cannot (even with Automatic Firewall Rule checked).
My NTP Services is set to allowed Networks:
# Internal(Network)
# VPN-0-LAN (192.168.0.0/16)
Once again if I add "Any" to the above list then all works fine again.
Have the rules for firewalls changed or has something else gone wrong?
Thanks
Peter