02-11-2021 07:02 AM
Hi All,
I have a security rule to allow IP "A" to SSH to IP "B". I can see the traffic actually hitting the fw but it gets dropped with interzone-default. The test policy match also verifies that it matches the traffic.
IP "B" is actually the firewall. And IP "B" is NATed like this: original packet source IP "C", original packet dest IP "A", translated packet source IP "B".
How can this happen? So the traffic hitting the firewall has an explicit allow rule but is still missed.
IP "A" is on the other end of the IPSec tunnel and when this traffic comes, it successfully creates a child SA. Routing is also set up for IP "A".
Cheers,
Daniel