ICMP packet dropped due to Policy

frefre Newbie ✭

I'm trying to test connection but I'm getting this behavior.

I have a server connected at X3 interface (Zone "Servers"). Inside this server there is a container with Docker/WordPress. WordPress related "connection timeout" for this attempt (own WordPress domain):

https://www.example.com/wp-json/wp/v2/types/post?context=edit

To check this, I'm testing connection from within this container: I can ping interface X3 and access internet, but the URL above is also not responding. Site is being served normally, with eventual slowness occurring.

When I try "ping www.example.com" that resolves to my public IP (same as X1 IP), I get "0 received, 100% packet loss". At "Event Logs" I see "message = ICMP packet dropped due to Policy" and "Notes = err1: policy not found for packet on Zones(Servers -> WAN)"

Then I created an access rule from X3 ("Servers") to WAN allowing ping, didn't work. Then I changed to allow ICMP, didn't work either. I even tried "anything" allowed as a global rule (from any to any ... any services...) and still no result.

Please explain or give me ideas on what is happening, what am I missing.

Category: Firewall Management and Analytics

Answers

  • Arkwright All-Knowing Sage ✭✭✭✭

    "policy" can mean access policy, NAT policy, route policy. You said you've done the access policy, and that the server is on a connected interface subnet, so it's not a route policy, which leaves a NAT policy. Have you created a NAT policy? [I am assuming that NAT is required, it may not be].

    What is odd is that "policy not found for packet on Zones(Servers -> WAN)" implies that it's the reply packets from your server that get dropped. Usually it is not necessary to explicitly create policies for replies as the state tracking should handle this.
