Problem with inbound access rules - Balance 305

westlife · June 11, 2015, 4:51am

Hey guys, first let me start by saying that I am not very advanced with this stuff, I only know some basics.

I am having an issue with inbound access rules on our new Balance 305. I am trying to set up remote access so that our web server (hosted outside our building) can connect to our internal FTP server on our LAN. For instance, see the following rule:

But our web server is unable to connect. Is there something else I need to do in order for the connection to work? Do I need to set up NAT Mapping or something like that? Please let me know if further info is needed and I would be happy to provide it.

Thanks,
Dave

westlife · June 11, 2015, 9:47am

Just an update. I ended up adding a “service” for this rule as well, and now it seems to be working. So just to clarify, if I need to add a rule where only a specific IP address can connect to a server on our LAN, I need to add a “service” as well as an “access rule”?

TK_Liew · June 11, 2015, 12:28pm

Hi Dave,

To allow inbound access, you need to configure Port Forwarding (adding “service” which you have done) and Inbound Firewall Rule (you have done this also) if Default Rule set to Deny.

Based on your given settings, you just need to ensure Default Inbound Firewall rule is set to Deny.

Hope this help.

westlife · June 12, 2015, 1:35am

Got it, thanks! Also, I am trying to set it so that certain IP’s use only WAN2 for outbound traffic. When I add an outbound policy for this using their IP address, that person is not able to get online. But the connection is up and healthy. Any ideas why it would not work?

TK_Liew · June 14, 2015, 12:26pm

Hi Dave,

Please ensure you configure Outbound rule as below and put it as top priority.

westlife · June 15, 2015, 1:55am

I had it set up like this, but turns out I needed to reboot the ISP router. All is good now, thanks!

sitloongs · June 15, 2015, 4:09pm

Hi,

For your information , changing outbound policy, will not require you to rebooting the ISP router. For your case, most properly is the WAN2 router issue, thus the traffics enforce to the WAN2 will not get connected.

Please make sure WAN health check is enabled for all the connected WANs as this will help you to monitor all the available WAN status.

If WAN health check is enabled, Balance will reported that the WAN2 health check is failed and this will give you more hits to further check on the WAN2 router or the health check server. Please make sure the health check server are configure to a reliable IP that can reflect the WAN status .

For more information, please refer to the attached screenshot that showing the WAN status.