IPSec VPN interface Zone

Hi,

I have a strange behavior on some of my RUTx devices after updating the firmware.
I upgraded from about 07.06.10 to 07.13.3

The RUTx units are connected with IPSec tunnels to my central firewall (about 100)

Almost all communication works from my local LAN (192.168.172.0/24) to my remote sites. But I had problems surfing to some devices out on my sites, and only from some devices on my local LAN.

When I changed the “Source Zone” on the default “Forward” policy for the VPN connection from “WAN” to “Any Zone”, all communication started working.

Why is that?

If it counts IPsec tunnels as a new zone instead of WAN, why does it work 99% of the time with “WAN” as the “Source Zone”?

Hello,

Could you please clarify your setup a bit further? Specifically:

  • What is the purpose of the traffic rule you’re modifying?
  • Is the 192.168.172.0/24 network the LAN of your RUTx device?
  • When you mention communication issues from some devices on your LAN, are these devices in the same subnet or across different VLANs?
  • Could you share a simple network topology or diagram, including IPs?

Generally, an IPsec tunnel should allow forwarding to/from WAN interfaces by default.

Best regards,

Hi,

The policy is the default policy that forwards traffic from the IPsec tunnel to the LAN on the RUTx. The policy is auto-created when I create the IPsec tunnel.

The 192.168.172.0 network is a network at my main office.
The 192.168.118.0 network is the LAN behind the RUTx router.

The thing that was NOT working was HTTP traffic from the 192.168.172.24 server to the PLC 192.168.118.50.
Ping and modbus traffic worked fine.

HTTP traffic from the 192.168.172.100 server worked fine.

As soon as I changed to “Any Zone” in the default policy, 192.168.172.24 could talk HTTP to 192.168.118.50.

@Martynas: Any thoughts?

Hello,

Apologies for the delay, and thank you for the details. By default, when an IPsec tunnel is created, it’s attached to the WAN firewall zone, and the auto-generated traffic rule should work with the source zone set to WAN, allowing HTTP traffic from the 192.168.172.0 network to the 192.168.118.0 destination. Could you please clarify and confirm whether this works as expected on your setup when using WAN as the source zone?

Best regards,
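The reply above states that the tunnel is attached to the WAN zone and that the auto-generated forward rule uses WAN as its source. As an added example, written for this thread and not code from the forum, from Teltonika or from OpenWrt, the following Python models how an OpenWrt-style zone firewall (the basis of RutOS) evaluates such a rule, so that the difference between “WAN” and “Any Zone” becomes visible: a source of “Any” matches forwarded traffic regardless of which zone, if any, the ingress interface belongs to, which is exactly why it also widens exposure. Zone names, interface names (including the unzoned `xfrm0`), routes, ports and the packets are all constructed assumptions, not values from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Zone:
    name: str
    interfaces: frozenset  # logical interfaces attached to this zone


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                # source zone name, or "*" for "Any Zone"
    dest: str               # destination zone name
    dest_ip: str            # destination subnet the rule applies to
    dest_port: Optional[int] = None  # None means any port


@dataclass(frozen=True)
class Packet:
    ingress_if: str         # interface the packet arrived on
    src_ip: str
    dst_ip: str
    dst_port: int


# Constructed zone layout: the tunnel interface is a member of "wan",
# as the reply in the thread describes for a newly created IPsec tunnel.
ZONES = (
    Zone("lan", frozenset({"lan"})),
    Zone("wan", frozenset({"wan", "ipsec"})),
    Zone("guest", frozenset({"guest"})),
)

# Constructed routing table: destination subnet -> egress interface.
ROUTES = {
    "192.168.118.0/24": "lan",     # LAN behind the router
    "192.168.172.0/24": "ipsec",   # main office, reached via the tunnel
    "10.99.0.0/24": "guest",       # hypothetical extra zone on the router
}


def zone_of(interface, zones=ZONES):
    """Return the zone covering an interface, or None if it is unzoned."""
    for zone in zones:
        if interface in zone.interfaces:
            return zone.name
    return None


def egress_interface(dst_ip):
    """Pick the egress interface for a destination (default route: wan)."""
    for net, iface in ROUTES.items():
        if ip_address(dst_ip) in ip_network(net):
            return iface
    return "wan"


def rule_matches(rule, pkt, zones=ZONES):
    """Decide whether a forward rule matches a packet, OpenWrt-style."""
    in_zone = zone_of(pkt.ingress_if, zones)
    out_zone = zone_of(egress_interface(pkt.dst_ip), zones)
    # "*" matches any ingress zone, including traffic whose interface is
    # not attached to a zone at all; a named zone must match exactly.
    if rule.src != "*" and rule.src != in_zone:
        return False
    if rule.dest != out_zone:
        return False
    if ip_address(pkt.dst_ip) not in ip_network(rule.dest_ip):
        return False
    return rule.dest_port is None or pkt.dst_port == rule.dest_port


# The same forward rule with the two source-zone settings from the thread.
RULE_WAN = Rule("ipsec-to-lan", "wan", "lan", "192.168.118.0/24", 80)
RULE_ANY = Rule("ipsec-to-lan", "*", "lan", "192.168.118.0/24", 80)


def evaluate(pkt):
    """Return which variant of the rule would accept the packet."""
    return {"wan": rule_matches(RULE_WAN, pkt), "any": rule_matches(RULE_ANY, pkt)}


# Constructed sample packets.
HTTP_VIA_TUNNEL = Packet("ipsec", "192.168.172.24", "192.168.118.50", 80)
HTTP_UNZONED = Packet("xfrm0", "192.168.172.24", "192.168.118.50", 80)
HTTP_FROM_GUEST = Packet("guest", "10.99.0.5", "192.168.118.50", 80)

if __name__ == "__main__":
    for label, pkt in (("tunnel", HTTP_VIA_TUNNEL), ("unzoned", HTTP_UNZONED),
                       ("guest", HTTP_FROM_GUEST)):
        print(label, evaluate(pkt))
```

The first packet matches under both settings, which is the 99% case from the question. The second only matches “Any”, which is the shape of the symptom: traffic that does not enter through an interface the WAN zone covers is accepted only once the source is widened. The third packet is the cost of that widening: every other zone on the router now satisfies the rule too. The narrower fix is to find out which logical interface the affected traffic actually arrives on and make that interface a member of the intended zone; on an OpenWrt-based device the zone membership can be read from the firewall configuration (`uci show firewall`).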

This topic was automatically closed after 60 days. New replies are no longer allowed.