Severin Dellsperger

Application Control Bug!?

Discussion created by Severin Dellsperger on Feb 14, 2019
Latest reply on Feb 18, 2019 by Severin Dellsperger

Hi guys,


Yesterday, we had some problems with application control, which I didn't understand.

We use a centrally configured (SMP) 730 appliance with version R77.20.81 (990172541).

We also use the firewall blade in strict mode and the application control is activated too:

 

So we configured something like that:

Outgoing access to the Internet

Source          Destination   Application   Service    Action
LAN networks    Internet      ANY           80, 443    Accept
LAN networks    Internet      ANY           50, 123    Accept

 

Incoming, Internal and VPN traffic

Source          Destination   Application   Service            Action
VPN Domains     VPN Domains   ANY           Any (encrypted)    Accept

 

Additionally, we have the auto-generated rules in the outgoing access tab (application control):

The undesired applications contain the following elements:

 

So we tested the connection between two branches, which are connected via S2S VPN (which is working correctly).

Most protocols worked fine, but we had some problems with smb and rdp.

So I checked the log and found that:

There I could see that the application control blocks internal (VPN) traffic on the outgoing interface.

As we can see above, there are no application block rules configured in the "Incoming, Internal and VPN traffic" section. Nevertheless, the traffic over port 3389 between the internal networks 192.168.14.x and 192.168.10.y was blocked.

So I had to configure an outgoing rule for internal networks, which allows the communication between the defined VPN networks:

As soon as I activated this rule, the communication via the rdp and smb protocols was working properly.

 

Does anyone have the same problem?

Is this an application control bug?


Thanks a lot.


Best Regards

Severin Dellsperger
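The symptom described in this post (traffic between two private/VPN networks being decided by the Internet-egress section of the policy instead of the internal/VPN section) can be spotted from the logs before anyone notices broken RDP or SMB. The script below is an added example and is not part of the original post nor Check Point code: it reads a constructed key=value log format whose field names (src, dst, service, action, rule, section) are assumptions, and flags every entry where both endpoints are RFC 1918 addresses but the matching rule came from the outgoing (egress) section.

```python
"""Flag application-control decisions on internal (private-to-private) traffic
that were taken by the Internet-egress section of the policy.

Added example, not Check Point code. The log format is constructed and the
field names (src, dst, service, action, rule, section) are assumptions.
"""
import ipaddress
import re

PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines modelled on the post: 3389 = RDP, 445 = SMB.
# The two Block entries are the anomaly; the last two are normal decisions.
SAMPLE_LOGS = [
    "src=192.168.14.25 dst=192.168.10.7 service=3389 action=Block "
    "rule=Undesired Applications section=Outgoing",
    "src=192.168.14.25 dst=192.168.10.7 service=445 action=Block "
    "rule=Undesired Applications section=Outgoing",
    "src=192.168.14.30 dst=93.184.216.34 service=443 action=Accept "
    "rule=Outgoing access to the Internet section=Outgoing",
    "src=192.168.14.30 dst=192.168.10.7 service=53 action=Accept "
    "rule=Incoming, Internal and VPN traffic section=Internal",
]

# Lazy match on the rule name because rule names may contain spaces and commas.
LOG_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) service=(?P<service>\d+) "
    r"action=(?P<action>\S+) rule=(?P<rule>.+?) section=(?P<section>\S+)$"
)


def parse(line):
    """Parse one constructed log line into a dict; raise on unexpected input."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    entry = m.groupdict()
    entry["service"] = int(entry["service"])
    return entry


def is_private(ip):
    """True if ip lies in an RFC 1918 range (used here as 'internal/VPN domain')."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def misrouted_internal_flows(lines, egress_section="Outgoing"):
    """Return parsed entries where both endpoints are private but the
    decision was logged against the Internet-egress section."""
    hits = []
    for line in lines:
        entry = parse(line)
        if (is_private(entry["src"]) and is_private(entry["dst"])
                and entry["section"] == egress_section):
            hits.append(entry)
    return hits


def summarize(hits):
    """Compact, deterministic view of the anomalies for a report."""
    return sorted({(h["src"], h["dst"], h["service"], h["action"]) for h in hits})


if __name__ == "__main__":
    for h in misrouted_internal_flows(SAMPLE_LOGS):
        print(f"{h['action']:6} {h['src']} -> {h['dst']}:{h['service']} "
              f"via '{h['rule']}' in section {h['section']}")
```

Run over real exports, a non-empty result from misrouted_internal_flows is the condition to investigate: either the policy really has no internal/VPN rule covering that pair, or, as in this post, the traffic is being evaluated in the wrong section and a workaround rule (or a vendor fix) is needed. After a workaround rule is added, the same flows should appear as Accept decisions and can be filtered out by action.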
