Cihat_Bulut
Contributor

TCP Port 8082 dropped by implied rule 0

Hi,

In R80.20, when you have a TCP server accessed by TCP port 8082, it is dropped by CP implied rule 0.

TCP 8081, 8083 … work, but 8082 does not.

The SYN packet cannot be seen after the Inbound VM chain. Does anybody have an idea?

0 Kudos
11 Replies
Mark_Mitchell
Advisor

Hi Cihat, 

Are you able to share the Log entry relevant to the drop please?

Regards

Mark

0 Kudos
Cihat_Bulut
Contributor

Unfortunately, there is no log entry. Only "fw ctl zdebug + drop" output. It is dropped by implied rule 0, nothing else.

0 Kudos
Mark_Mitchell
Advisor

Within SmartConsole, can you screenshot the service you created for 8082 please?

Would I be correct in assuming that you are not logging implied rules? 

Regards

Mark

0 Kudos
Cihat_Bulut
Contributor

It is a normal TCP service, nothing else. Add a new service and just type 8082.

0 Kudos
Maarten_Sjouw
Champion

Is this by any chance a CloudGuard VM in Azure/AWS?

There are a number of SKs where there is the following line:

      The following ports cannot be used: 444, 8082 and 8880.

I could not find why but it seems these ports have an internal use there.

Regards, Maarten
0 Kudos
Cihat_Bulut
Contributor

I know it, but my system is an appliance. You can test it on any appliance or in a VM.

0 Kudos
Mark_Mitchell
Advisor

It may be worth getting a TAC case raised to investigate further. Have you had a look at the implied rules to see if the traffic matches any one of those? If I get time this evening, I'll have a further look for you.

Regards

Mark

0 Kudos
Mark_Mitchell
Advisor

I had a quick check and I cannot see any implied rules that would cause your traffic to be blocked. 

If you have a hardware appliance with SecureXL on, you could try turning off SecureXL and seeing if you can see anything further within fw monitor. I would recommend just checking your current loading, as if your box is already highly utilized you will want to disable during a maintenance window.

If you don't see anything further with SecureXL disabled, then I would suggest raising a TAC case. 

Regards

Mark

0 Kudos
Cihat_Bulut
Contributor

The exact scenario is:

GW External IP:8082 -> Static NAT -> Server internal IP:8082

I have tested in two different environments; one is a fresh appliance and the other is in a VM.

0 Kudos
PhoneBoy
Admin

I believe those ports are used internally (specifically for MultiPortal).

As such they cannot be used in this context and a different port should be used.

0 Kudos
Cihat_Bulut
Contributor

You can use any port, but please document it, because my customer spent 5 hours discovering this issue. In the end, the port was replaced.

0 Kudos
