    I have a small issue with pfSense firewall

    I have an IPsec tunnel between 2 sites; at Site A there is a CCTV Recorder and at Site B there is an IP Camera. The camera uses RTSP.

    CCTV Recorder address (via LAN Port) is
    CCTV Camera via IPSEC is

    I have set on both LAN and IPSEC Firewall rules to allow all IPv4 Traffic yet the firewall logs present:-
    Block Oct 18 16:13:23 LAN TCP:RA

    I can use my mobile with no problems from Site A or Site B to link to the Camera, but the NVR on gets blocked - no idea why

    The Rules for both LAN and IPSEC are

    IPv4 * * * * *

    Out of state traffic being blocked.  Completely normal.  pfSense sends a RST and closes the connection.  The client end responds with RST ACK, but by that time the connection is already closed, so pfSense thinks the client is trying to open a new connection.  This is what's being blocked.
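The reply above attributes the `TCP:RA` entries to out-of-state traffic. As an added illustration (not part of the thread and not pfSense code), this toy Python model shows why an allow-all rule still logs such a block. It assumes pf's default for TCP pass rules (`flags S/SA keep state`), simplifies state teardown to immediate removal on RST, and uses constructed addresses.

```python
# Added example: toy stateful filter with a single "pass all IPv4" rule.
# Assumption (pf default for TCP pass rules, "flags S/SA keep state"):
# only a packet with SYN set and ACK clear may create a state entry.
# Simplification: a RST removes the state at once (pf expires it shortly after).

class StatefulFilter:
    def __init__(self):
        self.states = set()  # one frozenset of both endpoints per tracked flow
        self.log = []        # (action, "TCP:<flags>") like the firewall log view

    def handle(self, src, dst, flags):
        flow = frozenset((src, dst))
        if flow in self.states:
            action = "pass"                  # matches existing state
            if "R" in flags:
                self.states.discard(flow)    # connection torn down
        elif "S" in flags and "A" not in flags:
            action = "pass"                  # allow-all rule creates state
            self.states.add(flow)
        else:
            action = "block"                 # no state, not a SYN: default deny
        self.log.append((action, "TCP:" + flags))
        return action


def replay():
    """Replay a constructed RTSP session and return the filter log."""
    nvr = ("192.0.2.10", 50000)      # constructed address (documentation range)
    cam = ("198.51.100.20", 554)     # constructed address, RTSP port from the thread
    fw = StatefulFilter()
    fw.handle(nvr, cam, "S")         # handshake creates and uses the state
    fw.handle(cam, nvr, "SA")
    fw.handle(nvr, cam, "A")
    fw.handle(cam, nvr, "R")         # reset passes and removes the state
    fw.handle(nvr, cam, "RA")        # late RST/ACK: no state, not a SYN
    fw.handle(nvr, cam, "S")         # a fresh SYN is allowed again
    return fw.log


if __name__ == "__main__":
    for action, flags in replay():
        print(f"{action:5} {flags}")
```

Only the late `RA` packet is blocked; the new SYN that follows it passes, which is why these log entries alone do not indicate that the rule set is rejecting the connection.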

  • "but the NVR on gets blocked"
    Completely blocked or only showing some of these random blocks in the log? Random blocks that are otherwise not detected other than they show in the log, would fall under what KOM said.

  • Good Morning,

    Thank you for the help so far - gets blocked completely when talking to - All other services on this server work fine. When talking to this camera on port 80 it works fine from - only when it is the NVR software talking to the camera does everything fail. I can talk to the camera locally (on the 10.10.1.x/24 network) with no problems. I am certain it is the RTSP (554) and associated ports that are causing the problem.

  • Just to test things and make a simpler environment I am using VLC Player on to read the stream from the camera on - it cannot connect at all

    Pinging etc from to works fine

  • Provide details of the interfaces involved and the firewall rules for each.

  • BT Infinity to Cisco Router (Bridge Mode) ---- pfSense ---- LAN --- Cisco (That's the network). pfSense is on a SoHo Blue dual NIC PC.

    IPSEC to a Fortigate 60D ( Network)

    Both the IPSEC and LAN interfaces on the pfSense box have a rule to allow all IPv4 traffic - any protocol - any port. Everything works fine except RTSP. This is being shown in the Firewall Log as being blocked by the default deny rule, but I don't understand why, when both the IPSEC and LAN have allow all traffic regardless of protocol or port (IPv4).

    The network and the network are connected together using IPSEC

  • And do I understand that everything else on LAN has successful access to the CCTV except the NVR?