I have logging enabled for session start and end, and I'm pretty sure the traffic should hit the rule. Logging is enabled for almost everything (except for some DNS, NTP and "internal" traffic), so if there were a deny somewhere or a threat blocked, I would see it. So here's the fun part: if there's no user-to-IP mapping for the client's IP, nothing is logged. If there is a user-to-IP mapping, I have log entries. Session end reasons are tcp-rst-from-client and tcp-fin, so pretty normal. Known user or not should not even matter: the rule allows Any app/service for Any user from the client's fixed IP, and for troubleshooting I don't even have a security profile attached. In a Wireshark capture on the client I only get a dry RST from the server, but that could be the firewall sending the RST. Would the option "Disable Server Response Inspection" do any good?