Firewall Reject HTTPS request from outside network



  • Hi,

    I have created NAT/firewall rules and opened the HTTPS port to access the mail server from an outside network.
    But the users are not getting access to the site.

    I have traced the firewall traffic; the firewall log shows rejected incoming requests from WAN2.
    The source port is also not the HTTPS port.

    I am attaching JPEG images for your reference.

    Please guide me if I am making a mistake.








  • You have to set the source port in the rules to 'any'. That's how NATed clients will access you.
    In the posted log you can easily see source ports of:
    2360, 2361, 2362 and 2365
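
The matching behaviour described in the reply above, as an added example that is not part of the original thread: a small first-match rule evaluator with default deny, run against constructed packets that use the source ports quoted from the log. The rule layout, the names, and the assumption that the original rule pinned the source port to 443 are illustrative, since the poster's screenshots are not available.

```python
from dataclasses import dataclass
from typing import List, Optional

HTTPS = 443

@dataclass(frozen=True)
class Rule:
    action: str                # "pass" or "block"
    proto: str
    src_port: Optional[int]    # None means 'any'
    dst_port: Optional[int]    # None means 'any'

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; unmatched traffic hits the default deny."""
    for r in rules:
        if (r.proto == pkt.proto
                and r.src_port in (None, pkt.src_port)
                and r.dst_port in (None, pkt.dst_port)):
            return r.action
    return "block"

def verdicts(rules: List[Rule], packets: List[Packet]) -> List[str]:
    return [evaluate(rules, p) for p in packets]

def pinned_source_rules(rules: List[Rule]) -> List[Rule]:
    """Audit helper: pass rules whose source port is pinned to the service
    port. Clients connect from ephemeral ports, so these never match them."""
    return [r for r in rules
            if r.action == "pass" and r.src_port is not None
            and r.src_port == r.dst_port]

# Assumed original rule: source port AND destination port both set to HTTPS.
BROKEN = [Rule("pass", "tcp", HTTPS, HTTPS)]
# Corrected rule from the reply: source port 'any', destination port HTTPS.
FIXED = [Rule("pass", "tcp", None, HTTPS)]

# Constructed packets using the source ports quoted from the posted log.
CLIENTS = [Packet("tcp", sp, HTTPS) for sp in (2360, 2361, 2362, 2365)]

if __name__ == "__main__":
    print("broken:", verdicts(BROKEN, CLIENTS))
    print("fixed: ", verdicts(FIXED, CLIENTS))
    print("audit: ", pinned_source_rules(BROKEN))
```

Setting the source port to 'any' does not widen the exposed service: the destination port still restricts the rule to HTTPS, and everything else still falls through to the default deny.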



  • @jahonix:

    You have to set the source port in the rules to 'any'. That's how NATed clients will access you.
    In the posted log you can easily see source ports of:
    2360, 2361, 2362 and 2365

    Thanks,
    It is working now.

    One more question. The firewall log is showing that entries from LAN to LAN are getting blocked on the WAN interface.

    Can you please explain it, and what is the solution to stop it?

    Images of the LAN rules and firewall log are attached here.






  • I don't get your LAN rules but I have absolutely zero experience with dual WAN or load balancing setups.
    UDP 137, however, is NetBIOS and you don't want that leaving your LAN anyway.



  • @jahonix:

    I don't get your LAN rules but I have absolutely zero experience with dual WAN or load balancing setups.
    UDP 137, however, is NetBIOS and you don't want that leaving your LAN anyway.

    Can anybody explain my above-mentioned post to me?

    Also, I have placed all rules properly and I am assuming that the default rules will block all incoming traffic from outside networks, but my firewall log is still showing that outside networks are getting entry to the local network.

    I am attaching an image of the firewall logs; the other images of the firewall rules are mentioned above.
    Please guide me if there is any mistake in the firewall rules.




  • That tiny snippet, free of context as it is, looks like it might be half of an FTP session.

