Firewall Outbound Rule - Ignored when WAN is Mobile Internet


#1

Previously, Firewall Outbound Rules were successfully blocking the LAN computer from accessing two particular websites and one entire domain.
Recently it was found that the LAN computer could access the blocked websites and domain.

Two test rules were added to block all access by the LAN computer to Anywhere. One rule used the LAN computer's assigned IP address and the other rule used the computer's MAC ID. Both rules were put at the very top of the list (the first rules to be encountered). Both rules were set up to log events.
Changes were applied.

Despite the rules, the computer could access any website. There were no entries in the Event Log for the computer.
The PepLink router was rebooted. Testing was repeated. Same results.

One thing that is different: the PepLink router is currently running from Mobile Internet, not the normal WAN-1.

Are Firewall Outbound Rules bypassed when running from Mobile Internet (USB Cellular Modem)?


#2

Copied the existing Firewall Outbound Rules to the Firewall Internal Network Rules.
From quick testing, it appears that placing the same rules under Internal Network Rules does block the LAN computer from accessing the two particular websites and the one entire domain when the PepLink router is running from Mobile Internet.

It does appear that Firewall Outbound Rules only apply to WAN 1 (or WAN 2) and do not apply to WAN Mobile Internet.


#3

Just a guess, but you may be dealing with ISP-specific DNS and DNS caching, maybe. Let me know if this seems plausible.

The router is configured to cache DNS. The initial DNS request for unwanted.com comes back as 73.55.55.55 from ISP A. Next, a client bypasses the router's DNS server (are you redirecting all outbound DNS to the local proxy?) and goes to Google Public DNS and gets back 99.99.99.23 for the same URL, unwanted.com. Or the client goes directly to ISP B's DNS. The router knows that 73.55.55.55 is not allowed, but how would it know about 99.99.99.23, since it did not perform the lookup (it was bypassed)? I would make sure that forwarding DNS requests to the local proxy is enforced.
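
The check a practitioner would run to confirm the scenario described in the post above, as an added example that is not part of the original thread: a small Python script that hand-builds a DNS A query, sends it to the router's resolver and to a public resolver, and compares the answers. If outbound port-53 traffic from the LAN is really redirected to the router's DNS proxy, the "public" query is answered from the router's cache and both answers match; an address in the public answer that the router never handed out is exactly the address an IP-based block for that name cannot see. The resolver addresses, the domain and the transaction ID are assumptions supplied on the command line or as defaults, and the response used for self-testing is constructed, not captured.

```python
"""Check whether LAN clients can bypass the router's DNS resolver.

Added example, not code from the original thread or from Peplink.
Assumed usage:  python3 dnscheck.py <router-ip> <public-resolver-ip> <domain>
"""
import socket
import struct
import sys


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard recursive DNS query for the A record of `name`."""
    # id, flags (RD=1), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(msg: bytes) -> list:
    """Return every IPv4 address in the answer section of a DNS response, sorted."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(msg, offset) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[offset:offset + 4]))
        offset += rdlen  # CNAME and other record types are skipped
    return sorted(addrs)


def resolve_via(server: str, name: str, timeout: float = 3.0) -> list:
    """Send the query to `server` on UDP/53 and return the A records it answers with."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _peer = sock.recvfrom(4096)
    if data[:2] != query[:2]:
        raise ValueError("DNS transaction id mismatch")
    return parse_a_records(data)


def bypass_possible(router_answer: list, public_answer: list) -> bool:
    """True when the public resolver returned an address the router never resolved."""
    return bool(set(public_answer) - set(router_answer))


if __name__ == "__main__":
    # Assumed example arguments: 192.168.50.1 8.8.8.8 unwanted.com
    router, public, domain = sys.argv[1:4]
    from_router = resolve_via(router, domain)
    from_public = resolve_via(public, domain)
    print(f"router {router}: {from_router}")
    print(f"public {public}: {from_public}")
    if bypass_possible(from_router, from_public):
        print("the client can obtain addresses the router never resolved; "
              "redirection of outbound DNS to the local proxy is not enforced")
    else:
        print("answers match: public-resolver queries are intercepted, "
              "or both resolvers currently return the same record")
```

Run it from the LAN computer itself, not from the router, because the point is to see what that client receives. Matching answers are suggestive rather than conclusive (two honest resolvers can return the same record); a mismatch is conclusive, and an IP-based outbound rule built from the router's own lookup will not match the address in the mismatching answer.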


#4

@AstiRusty

It seems you mention the following weird behaviors for the firewall rules:

  • Firewall Outbound Rules bypassed when running from Mobile Internet (USB Cellular Modem)
  • Internal Network Rules does block LAN Computer from accessing two particular websites

I have performed a simple test to verify the firewall rules for Mobile Internet (USB Cellular Modem) and they work as expected.

I would suggest you open a support ticket here for the support team to check.