Bug #4563 (closed)
Bug when repurposing a firewall to new location
Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 03/30/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
Description
I took a firewall from one customer and moved it to another, and when I did so some of the rules did not change for the new LAN IP address. I ended up having to download the config file, hand edit the IP addresses, and reupload it to get the firewall to function correctly.
Here are the rules that I think were causing the problem. The local network changed from 10.253.53.0/24 to 10.253.82.0/24 but the IP addresses in these didn't get updated. Any 10.253.53.0 IPs in this are WRONG:
<nat>
  <ipsecpassthru>
    <enable/>
  </ipsecpassthru>
  <advancedoutbound>
    <rule>
      <source><network>192.168.53.0/24</network></source>
      <dstport>500</dstport>
      <descr><![CDATA[Auto created rule for ISAKMP - DMZ to WAN2]]></descr>
      <target/>
      <interface>opt3</interface>
      <destination><any/></destination>
      <staticnatport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>192.168.53.0/24</network></source>
      <sourceport/>
      <descr><![CDATA[Auto created rule for DMZ to WAN2]]></descr>
      <target/>
      <interface>opt3</interface>
      <destination><any/></destination>
      <natport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>192.168.1.0/24</network></source>
      <dstport>500</dstport>
      <descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN2]]></descr>
      <target/>
      <interface>opt3</interface>
      <destination><any/></destination>
      <staticnatport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>192.168.1.0/24</network></source>
      <sourceport/>
      <descr><![CDATA[Auto created rule for LAN to WAN2]]></descr>
      <target/>
      <interface>opt3</interface>
      <destination><any/></destination>
      <natport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>10.253.53.0/24</network></source>
      <dstport>500</dstport>
      <descr><![CDATA[Auto created rule for ISAKMP - LAN1 to WAN2]]></descr>
      <target/>
      <interface>opt3</interface>
      <destination><any/></destination>
      <staticnatport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>10.253.53.0/24</network></source>
      <sourceport/>
      <descr><![CDATA[Auto created rule for LAN1 to WAN2]]></descr>
      <target/>
      <interface>opt3</interface>
      <destination><any/></destination>
      <natport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>127.0.0.0/8</network></source>
      <dstport/>
      <descr><![CDATA[Auto created rule for localhost to WAN2]]></descr>
      <target/>
      <interface>opt3</interface>
      <destination><any/></destination>
      <natport>1024:65535</natport>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>192.168.53.0/24</network></source>
      <dstport>500</dstport>
      <descr><![CDATA[Auto created rule for ISAKMP - DMZ to WAN1]]></descr>
      <target/>
      <interface>opt4</interface>
      <destination><any/></destination>
      <staticnatport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>192.168.53.0/24</network></source>
      <sourceport/>
      <descr><![CDATA[Auto created rule for DMZ to WAN1]]></descr>
      <target/>
      <interface>opt4</interface>
      <destination><any/></destination>
      <natport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>192.168.1.0/24</network></source>
      <dstport>500</dstport>
      <descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN1]]></descr>
      <target/>
      <interface>opt4</interface>
      <destination><any/></destination>
      <staticnatport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>192.168.1.0/24</network></source>
      <sourceport/>
      <descr><![CDATA[Auto created rule for LAN to WAN1]]></descr>
      <target/>
      <interface>opt4</interface>
      <destination><any/></destination>
      <natport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>10.253.53.0/24</network></source>
      <dstport>500</dstport>
      <descr><![CDATA[Auto created rule for ISAKMP - LAN1 to WAN1]]></descr>
      <target/>
      <interface>opt4</interface>
      <destination><any/></destination>
      <staticnatport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>10.253.53.0/24</network></source>
      <sourceport/>
      <descr><![CDATA[Auto created rule for LAN1 to WAN1]]></descr>
      <target/>
      <interface>opt4</interface>
      <destination><any/></destination>
      <natport/>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <rule>
      <source><network>127.0.0.0/8</network></source>
      <dstport/>
      <descr><![CDATA[Auto created rule for localhost to WAN1]]></descr>
      <target/>
      <interface>opt4</interface>
      <destination><any/></destination>
      <natport>1024:65535</natport>
      <created><time>1401654716</time><username>Manual Outbound NAT Switch</username></created>
    </rule>
    <enable/>
  </advancedoutbound>
</nat>
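A check for the condition described in this report, as an added example that is not part of the original post or of the pfSense project: it parses a `<nat>` section and lists the manual outbound NAT rules whose source network lies outside the subnets currently configured on the firewall. The function name, the trimmed sample and the list of current subnets passed in are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: three rules in the shape of the <nat> section quoted above.
SAMPLE = """<nat><advancedoutbound>
<rule><source><network>192.168.1.0/24</network></source>
  <descr><![CDATA[Auto created rule for LAN to WAN2]]></descr>
  <interface>opt3</interface></rule>
<rule><source><network>10.253.53.0/24</network></source>
  <descr><![CDATA[Auto created rule for LAN1 to WAN2]]></descr>
  <interface>opt3</interface></rule>
<rule><source><network>127.0.0.0/8</network></source>
  <descr><![CDATA[Auto created rule for localhost to WAN2]]></descr>
  <interface>opt3</interface></rule>
<enable/></advancedoutbound></nat>"""


def stale_outbound_rules(nat_xml, local_subnets):
    """Return (interface, source network, description) for each manual
    outbound NAT rule whose source is not inside a current local subnet."""
    current = [ipaddress.ip_network(s) for s in local_subnets]
    stale = []
    for rule in ET.fromstring(nat_xml).iterfind(".//advancedoutbound/rule"):
        text = rule.findtext("source/network")
        if text is None:
            continue  # source is <any/> or missing: nothing to compare
        try:
            src = ipaddress.ip_network(text.strip(), strict=False)
        except ValueError:
            continue  # not a literal CIDR: left for manual review
        if src.is_loopback:
            continue  # the localhost rule does not depend on the LAN subnet
        covered = any(src.version == net.version and src.subnet_of(net)
                      for net in current)
        if not covered:
            stale.append((rule.findtext("interface", default=""),
                          text.strip(),
                          rule.findtext("descr", default="")))
    return stale


if __name__ == "__main__":
    # Assumed current subnets after the move: the new LAN1 plus an unchanged LAN.
    for hit in stale_outbound_rules(SAMPLE, ["10.253.82.0/24", "192.168.1.0/24"]):
        print("stale source network:", hit)
```

Running it against an exported config before redeploying a firewall shows which manual outbound NAT entries still refer to the previous site's addressing.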