Matlu
Advisor

Published service consumption problems.

Hello, everyone.

I am currently having a problem with accessing a web service.

We have an explicit rule that allows any Internet IP to access our published server, which has the domain name zonasegura.bn.com.pe.

The problem is that the Firewall is not processing the traffic with the explicit rule, and is sending all the traffic to the last rule of the rule base (Implicit rule).

Does anyone know how to correct this behavior?
I have a Cluster R81.10 with JHF take 87.

I share images of the explicit rule, the CLEANUP rule, and the output of the command "fw ctl zdebug + drop | grep <ANY>".

[Images: IM4.png, IM3.png, IM2.png, IM1.png]

Cheers. 🙂

0 Kudos
4 Replies
the_rock
Legend

Drop logs give you an answer. It's dropping on port 80, NOT 443, so you have to add port 80 to the rule. Make sure NAT is in place as well.

Andy

0 Kudos
Matlu
Advisor

The strange thing is that this service has always been consumed by the 443 (You open a browser and put the URL in https).

Suddenly the service stopped working.
Some users from the Internet report that the page takes too long to load, and others report that the same thing happens to them as to me: it just doesn't load.

The client tells me that this service should be consumed by the 443 and not by the 80, but in the Firewall nothing has been touched.
0 Kudos
the_rock
Legend

I would add port 80 based on what I see in the logs.

Andy

0 Kudos
PhoneBoy
Admin

Looks like the destination IP in the debug and the IP in the rule are different... maybe adjust the object OR use an FQDN Domain Object?

0 Kudos
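
The two checks suggested in the replies (the dropped destination port versus the rule's service, and the dropped destination IP versus the rule's object) can be run over saved drop-debug output. This is an added example, not part of the thread: the line layout in `DROP_RE` is an assumption about what `fw ctl zdebug + drop` prints, and the sample lines, addresses and rule values are constructed.

```python
import re
from collections import Counter

# Assumed layout of a drop line; the thread shows the output only as images.
DROP_RE = re.compile(
    r'Packet proto=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) -> '
    r'(?P<dst>[\d.]+):(?P<dport>\d+) dropped by (?P<by>\S+) Reason: (?P<reason>[^;]+)'
)

# Constructed sample input (documentation address ranges, not the poster's).
SAMPLE = '''\
@;1001;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 198.51.100.7:51544 -> 203.0.113.20:80 dropped by fw_send_log_drop Reason: Rulebase drop - on layer "Network" rule 12;
@;1002;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 198.51.100.9:40112 -> 203.0.113.20:80 dropped by fw_send_log_drop Reason: Rulebase drop - on layer "Network" rule 12;
@;1003;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 198.51.100.7:51550 -> 203.0.113.21:443 dropped by fw_send_log_drop Reason: Rulebase drop - on layer "Network" rule 12;
@;1004;[cpu_0];[fw4_2];unrelated kernel debug line without a packet tuple;
@;1005;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 198.51.100.9:40120 -> 203.0.113.20:443 dropped by fw_send_log_drop Reason: Rulebase drop - on layer "Network" rule 12;
'''

def classify(lines, rule_dst, rule_ports):
    """Count drops by the reason they could not have matched the publish rule."""
    counts = Counter()
    for line in lines:
        m = DROP_RE.search(line)
        if not m:
            continue  # not a drop line in the assumed layout
        dst, dport = m['dst'], int(m['dport'])
        if dst not in rule_dst:
            why = 'dst-not-in-rule-object'      # IP in debug differs from rule object
        elif dport not in rule_ports:
            why = 'port-not-in-rule-service'    # e.g. HTTP hitting an HTTPS-only rule
        else:
            why = 'matches-rule-look-elsewhere' # tuple fits the rule; check order, NAT
        counts[(why, dst, dport)] += 1
    return counts

def report(text, rule_dst, rule_ports):
    """Return sorted '(count) reason dst:port' lines for a saved debug capture."""
    counts = classify(text.splitlines(), rule_dst, rule_ports)
    return [f'({n}) {why} {dst}:{port}'
            for (why, dst, port), n in sorted(counts.items())]

if __name__ == '__main__':
    # Hypothetical rule: destination object 203.0.113.20, service https (443) only.
    for row in report(SAMPLE, {'203.0.113.20'}, {443}):
        print(row)
```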
