Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Newbie
    Join Date
    Aug 2019
    Posts
    5

    Default Untangle firewall not blocking Destination IPs also Filtering Bypassed IPs

    Hi

    I am having this issue where although i have passed an IP under config>network>bypass rules it is still being scanned with the firewall app.

    2nd issue is the Firewall app blocking destination IPs do not work although it reports flagged and blocked it does not block.

    Network Interface 1 is set as Wan and addressed connects directly to router, only device connected.
    Network Interface 2 is set as bridged to 1 and connected to network switch.
    Last edited by WurminatorZA; 08-13-2019 at 05:58 AM.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,178

    Default

    Let's start with the first issue. Post your bypass rules. Does the session viewer show the session as bypassed?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,774

    Default

    Yeah, we need screen grabs of your bypass rules because the first explanation for this behavior is bypass rules that aren't doing what you think they're doing.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,186

    Default

    maybe backwards bridge?

  5. #5
    Newbie
    Join Date
    Aug 2019
    Posts
    5

    Default

    Quote Originally Posted by jcoffin View Post
    Let's start with the first issue. Post your bypass rules. Does the session viewer show the session as bypassed?
    BypassScreen.jpg
    Seems to be working now, i have not changed bypass rules instead move the blocked destination IPs to the top of the firewall rule list not that it should matter in the sense that there are no conflicting rules that i can think of.. Firewall screencap attached also

    FirewallScreen.jpg

    Session viewer shows session as bypassed
    Last edited by WurminatorZA; 08-13-2019 at 10:30 PM.

  6. #6
    Newbie
    Join Date
    Aug 2019
    Posts
    5

    Default

    Nevermind spoke too soon still seeing bypassed IP in firewall reports, it is bypassed i can visit the blocked IPs but it was my understanding that the reports app won't filter it?

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,178

    Default

    Post a screen capture of the entire session viewer event which is not what you expect.


    Also facebook and Youtube has hundreds of IP addresses so listing a few is unless to try and block those services.
    Last edited by jcoffin; 08-13-2019 at 10:36 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Newbie
    Join Date
    Aug 2019
    Posts
    5

    Default

    Okay so here is the session screencap
    SessionsScreen.jpg

    and firewall report
    SessionsScreen.jpg

  9. #9
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,178

    Default

    Your bypass rules have 192.168.0.65 bypassed. The session viewer shows the session bypassed. All bypassed session do not hit any of the apps such has firewall. If you want to block a bypassed session, use filter rules in /admin/index.do#config/network/filter-rules
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  10. #10
    Newbie
    Join Date
    Aug 2019
    Posts
    5

    Default

    Thanks for the help, but what im actually asking is how do you pass an IP so that it doesnt get filtered or shown on any apps as in the reports app it gets scanned as well as firewall although its not enforcing the rules on that specific IP its still getting sent to reports app

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2