Firewall Rules - Inbound Rule config


#1

Hi All
I am brand new to the Peplink world, and have completed most of my setup. What I am having trouble getting my mind around is the
"Inbound Rules"

By default the Inbound Rules under Firewall are set to “allow all”, no problem, I get that,
for example 3389 for RDP, from WAN to a specific IP internally, e.g. 192.168.1.25, using the standard port 3389 internally.
I do have a “Server” set up on the Peplink and a “Service” transposing from an External IP to an internal computer.
I can connect no problems

When I set Inbound Rules to “deny all” and
I set a rule for 3389 for RDP, from WAN to a specific IP internally, e.g. 192.168.1.25, using the standard port 3389 internally (the “Server” config and “Service” config still exist).
I have set the “new” rule above the “Deny all” rule. When I try to connect to the computer behind the Peplink, using the external IP, I cannot connect, yet if I change the basic rule to "Allow All"
I can connect
What am I missing?

I am using
Peplink Balance 310 , firmware 5.4.6. Build 1829

Robert


#2

Hi Robert,

This is a strange behavior. I don’t see any issues with how you set up the rules for “Inbound Access” (Port Forwarding) and “Firewall”.
“Firewall” rules overwrite any “Inbound Access” rules. So adding the new “RDP” rule above the “Default” (which is set to “Deny all”) under “Firewall” is an appropriate setup.

There might be some other configurations that are conflicting with these rules in the Balance.

Please create a support ticket for this and we can go from there.

Thank you,
Haruki


#3

Can you check whether the “Source Port” of the Inbound firewall rules is set to ANY or not?

Correct:

  • Protocol: TCP
  • Source Port: ANY
  • Destination Port: 3389

Incorrect:

  • Protocol: TCP
  • Source Port: 3389
  • Destination Port: 3389
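
Added example, not part of the thread and not Peplink's code: a simplified first-match rule evaluator showing why the "Incorrect" rule in #3 never matches an RDP connection once the default is "Deny all". It assumes rules are checked top-down against the internal destination IP and that the client's source port is an ephemeral one (51514 here is a constructed value).

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for a port field

@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str
    src_port: Optional[int]   # ANY or a single port
    dst_ip: str
    dst_port: Optional[int]   # ANY or a single port
    action: str               # "allow" or "deny"

@dataclass(frozen=True)
class Packet:
    protocol: str
    src_port: int
    dst_ip: str
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every field matches; ANY matches any port."""
    return (rule.protocol == pkt.protocol
            and rule.src_port in (ANY, pkt.src_port)
            and rule.dst_ip == pkt.dst_ip
            and rule.dst_port in (ANY, pkt.dst_port))

def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; otherwise the default rule applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return default, "Default"

# Constructed sample: an RDP client's first packet. The client picks an
# ephemeral source port; only the destination port is 3389.
RDP_SYN = Packet("TCP", 51514, "192.168.1.25", 3389)

# The two rule sets from post #3, each placed above a "Deny all" default.
CORRECT = [Rule("RDP", "TCP", ANY, "192.168.1.25", 3389, "allow")]
INCORRECT = [Rule("RDP", "TCP", 3389, "192.168.1.25", 3389, "allow")]

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("incorrect", INCORRECT)):
        print(label, evaluate(rules, RDP_SYN))
```

With Source Port set to 3389 the packet falls through to the default rule, which is the symptom described in #1: the connection works with "Allow all" and fails with "Deny all".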