• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Floating rules not working

Scheduled Pinned Locked Moved Firewalling
4 Posts 3 Posters 1.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    maverik1
    last edited by Jul 23, 2016, 3:40 AM

    I have a setup of about 5 vlans. Admin, Guest, Work, User and Mobile.  I have created an alias called pfsenseguiaccess with the gateway hosts of each vlan. So e.g.  10.0.0.1, 10.0.2.1, 10.0.3.1, 10.0.4.1 and 10.0.5.1.  I then created a floating rule to block access from the 5 networks to pfsenseguiaccess on https(443).

    However, it doesn't appear to be working as I would assume it would. For example, if I connect to the Guest network I am able to get to the gui access page via the browser for any of the networks.

    What am I not doing correctly?

    Thanks in advance

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Jul 23, 2016, 12:24 PM

      so lets see this rule you setup.  Did you set it up inbound or outbound.  You selected all the interfaces in the floating rule?

      Keep in mind if a state is created already does not matter if you create a block rule until that state is cleared the block will not work.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      1 Reply Last reply Reply Quote 0
      • M
        maverik1
        last edited by Jul 23, 2016, 4:02 PM

        It looks like the issue is the proxy. Those rules have a higher precedence than the firewall rules. I just blocked the gateways under the acl settings.

        1 Reply Last reply Reply Quote 0
        • H
          Harvy66
          last edited by Jul 28, 2016, 11:03 PM

          It's not that they have a higher precedence it's that you're connecting to the proxy not the remote server.

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received