Bug #2202

closed

Firewall rules specifying a gateway does not work for WAN subnet in some cases.

Added by Andreas Winge about 12 years ago. Updated over 10 years ago.

Status: Rejected
Priority: Low
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 02/14/2012
% Done: 0%
Affected Version: 2.0.1

Description

I have a LAN firewall rule specifying that all outbound traffic (destination all) should go to a gateway group containing a dynamic gateway for a VPN tunnel (default rule). This worked fine in 2.0.

After upgrading to 2.0.1 traffic going to the WAN subnet (note the WAN subnet only) went out to the default gateway. After adding a specific firewall rule before the default one (since the default one still matches the packets) with destination WAN subnet, this rule also routing the traffic to the gateway group containing the VPN tunnel, the traffic was routed correctly.

However this is not the behaviour I would expect from the default rule.

Actions #1

Updated by Jim Pingle about 12 years ago

  • Priority changed from High to Low

This is not unexpected behavior; there need to be policy route negation rules for any directly connected networks, static route networks, VPN networks, etc.

I'm not sure if the WAN subnet is included in our current automatic negation rules, leaving this open for now so others can comment.

Actions #2

Updated by Andreas Winge over 10 years ago

Well, it works if you specifically specify it. And I have no problems with that. Please close this one...

Actions #3

Updated by Chris Buechler over 10 years ago

  • Status changed from New to Rejected

not a bug
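A simplified first-match model of the behaviour discussed in this thread, added here as an illustration and not taken from pfSense or from any participant: a negation rule (no gateway) for the WAN subnet placed ahead of the policy-routing rule sends WAN-subnet traffic by the routing table, and an explicit WAN-subnet rule placed first restores the gateway group. The addresses, rule names, and the position of the negation rule are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumption): WAN subnet 203.0.113.0/24.
WAN_NET = ipaddress.ip_network("203.0.113.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
ROUTING_TABLE = "routing table"  # no policy route: normal route lookup


@dataclass
class Rule:
    name: str
    dst: ipaddress.IPv4Network
    gateway: Optional[str]  # None means the rule passes without a gateway


def egress(rules, dst_ip):
    """Return (rule name, path) for the first rule whose destination matches."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if addr in rule.dst:
            return rule.name, rule.gateway or ROUTING_TABLE
    return None, "blocked"


# Hypothetical rule names; VPN_GROUP stands for the reporter's gateway group.
default_rule = Rule("LAN to any via VPN group", ANY, "VPN_GROUP")
negation = Rule("negation for WAN subnet", WAN_NET, None)
explicit = Rule("LAN to WAN subnet via VPN group", WAN_NET, "VPN_GROUP")

# Only the policy-routing rule: everything follows the gateway group.
RULESET_POLICY_ONLY = [default_rule]
# Negation rule ahead of the policy rule: WAN-subnet traffic skips the gateway.
RULESET_WITH_NEGATION = [negation, default_rule]
# Reporter's workaround: explicit WAN-subnet rule before the others.
RULESET_WORKAROUND = [explicit, negation, default_rule]

if __name__ == "__main__":
    rulesets = {
        "policy only": RULESET_POLICY_ONLY,
        "with negation": RULESET_WITH_NEGATION,
        "workaround": RULESET_WORKAROUND,
    }
    for label, rules in rulesets.items():
        for dst in ("203.0.113.50", "198.51.100.7"):  # WAN-subnet host, remote host
            print(f"{label:14} {dst:14} -> {egress(rules, dst)}")
```

When auditing a policy-routed ruleset for traffic that bypasses a VPN gateway, the destinations to test are the ones named in the thread: directly connected networks, static route networks, and VPN networks.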
