ICMP packet dropped due to Policy
I'm trying to test connection but I'm getting this behavior.
I have a server connected at X3 interface (Zone "Servers"). Inside this server there is a container with Docker/WordPress. WordPress related "connection timeout" for this attempt (own WordPress domain):
https://www.example.com/wp-json/wp/v2/types/post?context=edit
To check this, I'm testing connection from within this container: I can ping interface X3 and access internet, but the URL above is also not responding. Site is being served normally, with eventual slowness ocurring.
When I try "ping www.example.com" that resolves to my public IP (same as X1 IP), I get "0 received, 100% packet loss". At "Event Logs" I see "message = ICMP packet dropped due to Policy" and "Notes = err1: policy not found for packet on Zones(Servers -> WAN)"
Then I created access rule from X3 ("Servers") to WAN allowing ping, didn't work. Then I changed to allow ICMP, didn't work either. I even tried "anything" allowed as a global rule (from any to any ... any services...) and still no result.
Please explain or give me ideas on what is happening, what am I missing.
Answers
"policy" can mean access policy, NAT policy, route policy. You said you've done the access policy, and that the server is on a connected interface subnet, so it's not a route policy, which leaves a NAT policy. Have you created a NAT policy? [I am assuming that NAT is required, it may not be].
What is odd is that "policy not found for packet on Zones(Servers -> WAN)" implies that it's the reply packets from your server that get dropped. Usually it is not necessary to explicitly create policies for replies as the state tracking should handle this.