Firewall Rules Issues Post 7.1.1 Upgrade

Hello All,

I have a Plex Media server hosted behind a Balance 20 hw1. When i upgraded to 7.1.1 this weekend the sever was no longer available on WAN port 32400. After a bit of troubleshooting (more details below) I performed a reboot/downgrade back to 7.1 and the issue cleared up. I upgraded to 7.1.1 and the issue returned. Another reboot/downgrade has me functional on 7.1.

Any idea what may have changed (yes, i did read the change log) from 7.1 to 7.1.1 to cause this?

A few troubleshooting steps performed before downgrade:
Disable of deny any any (inbound and outbound).
Remove/Rebuild of firewall rules lists.
Rebuild port forwarding settings.
Rebuild of static DHCP IP settings.

Thanks for your time and I am happy to provide additional info if needed.

Had do a quick check on port forwarding rules for TCP/UDP 32400 for firmware 7.1.1 and seem it’s working fine:

Packet capture for WAN UDP port 32400:
09:51:59.777898 IP 149.202.25.65.50272 > 175.143.91.61.32400: UDP, length 0
09:51:59.849354 IP 46.4.143.48.55179 > 175.143.91.61.32400: UDP, length 0
09:51:59.853220 IP 185.29.8.135.58148 > 175.143.91.61.32400: UDP, length 0
09:51:59.856635 IP 185.25.204.60.52226 > 175.143.91.61.32400: UDP, length 0
09:51:59.865183 IP 185.81.113.195.40396 > 175.143.91.61.32400: UDP, length 0
09:51:59.867122 IP 213.202.222.130.59524 > 175.143.91.61.32400: UDP, length 0
09:51:59.873407 IP 31.148.219.169.40711 > 175.143.91.61.32400: UDP, length 0
09:51:59.888608 IP 179.43.148.195.46793 > 175.143.91.61.32400: UDP, length 0
09:51:59.896905 IP 95.46.98.26.53214 > 175.143.91.61.32400: UDP, length 0
09:51:59.917394 IP 185.159.82.88.54217 > 175.143.91.61.32400: UDP, length 0
09:51:59.927637 IP 178.17.171.235.35340 > 175.143.91.61.32400: UDP, length 0
09:51:59.984398 IP 5.22.157.52.42633 > 175.143.91.61.32400: UDP, length 0
09:51:59.991143 IP 176.221.34.58.51147 > 175.143.91.61.32400: UDP, length 0

Packet capture for Server UDP port 32400:

image981×285 8.25 KB

Packet capture for WAN TCP port 32400:
10:02:52.299016 IP 199.38.245.218.51792 > 175.143.91.61.32400: Flags [S], seq 1302982733, win 29200, options [mss 1460,sackOK,TS val 778386753 ecr 0,nop,wscale 7], length 0
10:02:52.342767 IP 5.149.253.121.41022 > 175.143.91.61.32400: Flags [S], seq 706466670, win 29200, options [mss 1460,sackOK,TS val 294552617 ecr 0,nop,wscale 5], length 0
10:02:52.856540 IP 146.196.65.20.36847 > 175.143.91.61.32400: Flags [S], seq 2914990122, win 29200, options [mss 1460,sackOK,TS val 2197976477 ecr 0,nop,wscale 6], length 0
10:02:54.012544 IP 149.202.25.65.34588 > 175.143.91.61.32400: Flags [S], seq 2347360289, win 14600, options [mss 1460,sackOK,TS val 850241819 ecr 0,nop,wscale 4], length 0
10:02:54.085286 IP 46.4.143.48.56724 > 175.143.91.61.32400: Flags [S], seq 2230538867, win 29200, options [mss 1460,sackOK,TS val 698650345 ecr 0,nop,wscale 6], length 0
10:02:54.148536 IP 185.159.82.88.47197 > 175.143.91.61.32400: Flags [S], seq 2836398387, win 29200, options [mss 1460,sackOK,TS val 872890323 ecr 0,nop,wscale 6], length 0
10:02:54.231267 IP 195.123.211.84.34651 > 175.143.91.61.32400: Flags [S], seq 2854176247, win 29200, options [mss 1460,sackOK,TS val 1634605251 ecr 0,nop,wscale 7], length 0
10:02:54.860760 IP 146.196.65.20.36847 > 175.143.91.61.32400: Flags [S], seq 2914990122, win 29200, options [mss 1460,sackOK,TS val 2197976978 ecr 0,nop,wscale 6], length 0

Packet capture for Server TCP port 32400:

image1354×337 16.7 KB

For your issue, please open a support ticket for support team to check.