NSA2700 to TZ270 Tunnel Interface dropping SNMP
PRTG Monitor server at 10.0.1.50 going across a tunnel interface to the TZ270 10.10.11.5 at a remote site for SNMP data.
I've already tested access rules on both sites, LAN>VPN and VPN>LAN allow all (just for testing), with no change.
I've also enabled the SNMP slider on X0 and the VPN Interface.
Ethernet Header
Ether Type: IP(0x800), Src=[00:01:5c:80:cc:46], Dst=[2e:b8:ed:d9:52:e1]
IP Packet Header
IP Type: UDP(0x11), Src=[10.0.1.50], Dst=[10.10.11.5]
UDP Packet Header
Src=[53295], Dst=[161], Checksum=0x7778, Message Length=49 bytes
Application Header
Snmp:
Value:[1]
DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2728_qpmjdzDifdl) 1:2)
Answers
Does the VPN-> LAN access rule for this traffic have "Allow Management Traffic" ticked on it?
I think I had a similar issue and the fix was creating a route policy with a source of Any and a destination of the PRTG server. This was a stupid fix because there was already a more general route that should have matched this.
Also have this issue with HA firewalls. Had to add route policies with a source of "HF Backup X2 IP" and "HF Primary X2 IP" in order to be able to use the additional management addresses. Gen6 "Just Worked" in this regard, no need for apparently redundant routes.
Maybe something to look at unless it's already set.
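
An added example, not part of the thread and not SonicWall tooling: a small Python triage that parses the packet monitor record quoted in the question and maps it to the checks the answers suggest. It assumes the text export keeps the line layout shown in the question and that 10.10.11.5 is the TZ270's own interface address, as the question states; `parse_record`, `triage` and `MGMT_PORTS` are names chosen here.

```python
import re

# Packet monitor record copied from the question above (sample input).
SAMPLE = """\
Ethernet Header
Ether Type: IP(0x800), Src=[00:01:5c:80:cc:46], Dst=[2e:b8:ed:d9:52:e1]
IP Packet Header
IP Type: UDP(0x11), Src=[10.0.1.50], Dst=[10.10.11.5]
UDP Packet Header
Src=[53295], Dst=[161], Checksum=0x7778, Message Length=49 bytes
Application Header
Snmp:
Value:[1]
DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2728_qpmjdzDifdl) 1:2)
"""

IP_RE = re.compile(r"IP Type: (\w+)\(0x[0-9a-fA-F]+\), Src=\[([\d.]+)\], Dst=\[([\d.]+)\]")
PORT_RE = re.compile(r"^Src=\[(\d+)\], Dst=\[(\d+)\]", re.M)  # L4 line starts with Src=
DROP_RE = re.compile(r"DROPPED, Drop Code: (\d+)\(([^)]*)\), Module Id: (\d+)\((\w+)\)")
MGMT_PORTS = {("UDP", 161): "SNMP"}  # management services this sketch recognises

def parse_record(text):
    """Extract addressing and drop verdict from one packet monitor record."""
    ip, port, drop = IP_RE.search(text), PORT_RE.search(text), DROP_RE.search(text)
    if not (ip and port):
        raise ValueError("record has no IP header or no port line")
    return {
        "proto": ip.group(1), "src": ip.group(2), "dst": ip.group(3),
        "sport": int(port.group(1)), "dport": int(port.group(2)),
        "drop_code": int(drop.group(1)) if drop else None,
        "module": drop.group(4) if drop else None,
    }

def triage(rec, firewall_ips):
    """Return the checks from the answers that apply to this record."""
    if rec["drop_code"] is None:
        return []  # packet was not dropped
    if rec["module"] != "policy":
        return [f"drop code {rec['drop_code']} is not from the policy module"]
    svc = MGMT_PORTS.get((rec["proto"], rec["dport"]))
    if svc and rec["dst"] in firewall_ips:  # traffic to the firewall itself
        return [f"{svc} to the firewall's own address: check 'Allow Management "
                "Traffic' on the VPN > LAN rule and the interface SNMP setting",
                f"check for a route policy with destination {rec['src']}"]
    return ["policy drop of transit traffic: review the zone-pair access rule"]

if __name__ == "__main__":
    for hint in triage(parse_record(SAMPLE), {"10.10.11.5"}):
        print(hint)
```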