Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Newbie
    Join Date
    Mar 2020
    Posts
    11

    Default How to edit default Policy 0 stop it from blocking 514 port

    New to untangle, our business uses it to nat and to control traffic. We're on ver 15! I'm trying to get syslog security/events logs from our edge router to our solarwinds server. I've turned on logging for blocked Sessions, under shield app I filtered for port 514 and it appears to me that the request from the solarwinds server to our edge router are being blocked by untangle from default policy 0 in the prefix filter field it states filter_block.

    What I've done is to create rule in both shield, network filter rule, and nat rule for translating from our edge router 139.200.239.2 to 139.200.239.1 (untangle) to our untangle firewall 10.1.200.201

    any help or suggestions are appreciated, trying to get compliant. Thanks Jacksparrow

    shield app
    2020-03-24 08:20:43 am
    139.200.239.1 139.200.239.2 514 139.200.239.1 514 filter_blocked
    Last edited by Jacksparrow796; 03-24-2020 at 05:22 AM.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,516

    Default

    Post a screen capture of the entire rule in shield and the entire window for the report event.
    Jacksparrow796 likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Mar 2020
    Posts
    11

    Default

    jcoffin,
    Thank you for the reply as requested plus rules from the network filter.
    shield rules.jpgshield screen shot.jpguntangle internal firewall.jpg

  4. #4
    Newbie
    Join Date
    Mar 2020
    Posts
    11

    Default

    Jcoffin,
    The screen shot from shield report doesn't show the policy or policy number, trust me I included those fields once and they are default policy and 0! I'm trying to get syslog traffic from the edge router to SolarWinds to include snmp. I configured a port on the edge router and attach a local pc and used visual syslog and I could see entries to the laptop. I'm seeing blocks from untangled. Untangle is between the edge router and aruba switch, untangle is our gateway for our lan and does natting for us. any help would really appreciated. Jim

  5. #5
    Newbie
    Join Date
    Mar 2020
    Posts
    11

    Default

    jcoffin,
    Should I post this in networking app or system? I selected policy becuase I believe this can be resolved with a rule or default polcy, any help is appreciated. thanks Jim

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,516

    Default

    Sorry for the delay.

    It seems it is not shield which is blocking this but either NAT or network Filter Rules. If it is shield, these events would be in the Blocked session report for shield admin/index.do#reports?cat=shield&rep=blocked-session-events.

    Do you have Log local inbound sessions checked in /admin/index.do#config/network/advanced ? if so, those events are the NAT blocking traffic to the box itself.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,712

    Talking Welcome

    ...To Untangle, and the forum!

    Quote Originally Posted by Jacksparrow796 View Post
    New to untangle, our business uses it to nat and to control traffic. We're on ver 15! I'm trying to get syslog security/events logs from our edge router to our solarwinds server. I've turned on logging for blocked Sessions, under shield app I filtered for port 514 and it appears to me that the request from the solarwinds server to our edge router are being blocked by untangle from default policy 0 in the prefix filter field it states filter_block.

    What I've done is to create rule in both shield, network filter rule, and nat rule for translating from our edge router 139.200.239.2 to 139.200.239.1 (untangle) to our untangle firewall 10.1.200.201

    any help or suggestions are appreciated, trying to get compliant. Thanks Jacksparrow

    shield app
    2020-03-24 08:20:43 am
    139.200.239.1 139.200.239.2 514 139.200.239.1 514 filter_blocked
    I don't want to confuse things, but I just wrapped my head around this. I don't think you need any of this. A simple [Port Forward Rule] should do the trick. #config/network/port-forward-rules

    Undo all the rest.

  8. #8
    Newbie
    Join Date
    Mar 2020
    Posts
    11

    Default

    Ninja,
    I get that, this should be a simple port forward. But this is where were at, all the other rules I configured are because port forward didn't work as advertised. Is it possible that port forward will not work until a reboot of the virtual server?

    This is a good time to redo, I will undo all entries and start again.

    Syslog entries are pushes, as the security or events happen on the router they are streamed to the public side of untangle eth0, physically attached to port 7 of the router, untangle should pass the traffic to our gateway eth1, port forward should send the traffic to the server. do I have this correct? Jim
    Thank you Jim

  9. #9
    Newbie
    Join Date
    Mar 2020
    Posts
    11

    Default

    I do have log local turned on, Yes I do believe Nating could be dropping the entries. The router is physical connected to a server that has a virtual server with untangle doing our nating. etho is the public side of untangle and eth1 is our gateway. I have the router configured to send syslog entries to the ip address of the public side of the untangle firewall. I have port forward entries to send the traffic to the server for syslog its 514 for snmp its 161.

  10. #10
    Newbie
    Join Date
    Mar 2020
    Posts
    11

    Default

    If nating are blocking these entries (I do believe it is)what would the nating rule look like to pass these entries? any help is appreciated. Jim

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2