Bug #4563

closed

Bug when repurposing a firewall to new location

Added by Sam E over 9 years ago. Updated over 9 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
03/30/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

I took a firewall from one customer and moved it to another, and when I did so some of the rules did not change to the new LAN IP address. I ended up having to download the config file, hand-edit the IP addresses, and re-upload it to get the firewall to function correctly.

Here are the rules that I think were causing the problem. The local network changed from 10.253.53.0/24 to 10.253.82.0/24, but the IP addresses in these didn't get updated. Any 10.253.53.0 IPs in this are WRONG:

    <nat>
        <ipsecpassthru>
            <enable/>
        </ipsecpassthru>
        <advancedoutbound>
            <rule>
                <source>
                    <network>192.168.53.0/24</network>
                </source>
                <dstport>500</dstport>
                <descr><![CDATA[Auto created rule for ISAKMP - DMZ to WAN2]]></descr>
                <target/>
                <interface>opt3</interface>
                <destination>
                    <any/>
                </destination>
                <staticnatport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>192.168.53.0/24</network>
                </source>
                <sourceport/>
                <descr><![CDATA[Auto created rule for DMZ to WAN2]]></descr>
                <target/>
                <interface>opt3</interface>
                <destination>
                    <any/>
                </destination>
                <natport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>192.168.1.0/24</network>
                </source>
                <dstport>500</dstport>
                <descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN2]]></descr>
                <target/>
                <interface>opt3</interface>
                <destination>
                    <any/>
                </destination>
                <staticnatport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>192.168.1.0/24</network>
                </source>
                <sourceport/>
                <descr><![CDATA[Auto created rule for LAN to WAN2]]></descr>
                <target/>
                <interface>opt3</interface>
                <destination>
                    <any/>
                </destination>
                <natport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>10.253.53.0/24</network>
                </source>
                <dstport>500</dstport>
                <descr><![CDATA[Auto created rule for ISAKMP - LAN1 to WAN2]]></descr>
                <target/>
                <interface>opt3</interface>
                <destination>
                    <any/>
                </destination>
                <staticnatport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>10.253.53.0/24</network>
                </source>
                <sourceport/>
                <descr><![CDATA[Auto created rule for LAN1 to WAN2]]></descr>
                <target/>
                <interface>opt3</interface>
                <destination>
                    <any/>
                </destination>
                <natport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>127.0.0.0/8</network>
                </source>
                <dstport/>
                <descr><![CDATA[Auto created rule for localhost to WAN2]]></descr>
                <target/>
                <interface>opt3</interface>
                <destination>
                    <any/>
                </destination>
                <natport>1024:65535</natport>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>192.168.53.0/24</network>
                </source>
                <dstport>500</dstport>
                <descr><![CDATA[Auto created rule for ISAKMP - DMZ to WAN1]]></descr>
                <target/>
                <interface>opt4</interface>
                <destination>
                    <any/>
                </destination>
                <staticnatport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>192.168.53.0/24</network>
                </source>
                <sourceport/>
                <descr><![CDATA[Auto created rule for DMZ to WAN1]]></descr>
                <target/>
                <interface>opt4</interface>
                <destination>
                    <any/>
                </destination>
                <natport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>192.168.1.0/24</network>
                </source>
                <dstport>500</dstport>
                <descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN1]]></descr>
                <target/>
                <interface>opt4</interface>
                <destination>
                    <any/>
                </destination>
                <staticnatport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>192.168.1.0/24</network>
                </source>
                <sourceport/>
                <descr><![CDATA[Auto created rule for LAN to WAN1]]></descr>
                <target/>
                <interface>opt4</interface>
                <destination>
                    <any/>
                </destination>
                <natport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>10.253.53.0/24</network>
                </source>
                <dstport>500</dstport>
                <descr><![CDATA[Auto created rule for ISAKMP - LAN1 to WAN1]]></descr>
                <target/>
                <interface>opt4</interface>
                <destination>
                    <any/>
                </destination>
                <staticnatport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>10.253.53.0/24</network>
                </source>
                <sourceport/>
                <descr><![CDATA[Auto created rule for LAN1 to WAN1]]></descr>
                <target/>
                <interface>opt4</interface>
                <destination>
                    <any/>
                </destination>
                <natport/>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <rule>
                <source>
                    <network>127.0.0.0/8</network>
                </source>
                <dstport/>
                <descr><![CDATA[Auto created rule for localhost to WAN1]]></descr>
                <target/>
                <interface>opt4</interface>
                <destination>
                    <any/>
                </destination>
                <natport>1024:65535</natport>
                <created>
                    <time>1401654716</time>
                    <username>Manual Outbound NAT Switch</username>
                </created>
            </rule>
            <enable/>
        </advancedoutbound>
    </nat>
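The stale rules above are easy to miss by eye in a long config. The script below is an added example (not the reporter's edit or pfSense code): it parses a constructed fragment in the same nat/advancedoutbound layout as the report, flags manual outbound NAT rules whose source network is no longer one of the firewall's interface subnets, and performs the subnet remap the reporter did by hand. The subnet list and the old/new CIDRs are assumptions mirroring the report.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed fragment shaped like the report's config.xml (not the real file).
CONFIG_XML = """<pfsense>
<nat><advancedoutbound>
  <rule><source><network>192.168.1.0/24</network></source>
        <interface>opt4</interface>
        <descr><![CDATA[Auto created rule for LAN to WAN1]]></descr></rule>
  <rule><source><network>10.253.53.0/24</network></source>
        <interface>opt4</interface>
        <descr><![CDATA[Auto created rule for LAN1 to WAN1]]></descr></rule>
  <rule><source><network>127.0.0.0/8</network></source>
        <interface>opt4</interface>
        <descr><![CDATA[Auto created rule for localhost to WAN1]]></descr></rule>
</advancedoutbound></nat>
</pfsense>"""

# Assumed: subnets the interfaces hold at the new site (LAN1 is now 10.253.82.0/24).
CURRENT_SUBNETS = ["192.168.1.0/24", "192.168.53.0/24", "10.253.82.0/24"]


def stale_outbound_rules(config_xml, current_subnets):
    """Return (descr, network) for manual outbound NAT rules whose source
    network is neither a current interface subnet nor loopback."""
    allowed = {ipaddress.ip_network(s) for s in current_subnets}
    allowed.add(ipaddress.ip_network("127.0.0.0/8"))
    root = ET.fromstring(config_xml)
    stale = []
    for rule in root.iterfind("./nat/advancedoutbound/rule"):
        net_text = rule.findtext("./source/network")
        if net_text is None:          # <any/> source: nothing to compare
            continue
        try:
            net = ipaddress.ip_network(net_text, strict=False)
        except ValueError:            # alias name rather than a CIDR
            continue
        if net not in allowed:
            stale.append((rule.findtext("descr", ""), net_text))
    return stale


def remap_network(config_xml, old_cidr, new_cidr):
    """Rewrite every source/network equal to old_cidr to new_cidr; return
    (serialised XML, number of rules changed). Review the diff before upload."""
    root = ET.fromstring(config_xml)
    changed = 0
    for net in root.iterfind("./nat/advancedoutbound/rule/source/network"):
        if net.text == old_cidr:
            net.text = new_cidr
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed
```

Running the audit before and after the remap shows the LAN1 rule as the only stale entry, then none; automatic outbound NAT would not need this because the system regenerates it, which is the distinction the maintainer draws.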

#1

Updated by Chris Buechler over 9 years ago

  • Status changed from New to Rejected
  • Affected Version deleted (2.2.1)

Manual outbound NAT is user-configured and never updated by the system. Automatic outbound NAT would update itself. Manual doesn't, and shouldn't.
