Comments
-
Thank you for letting me know
-
That did the trick, thank you very much.
-
Here? I'll be honest...that never crossed my mind...
-
I have it disabled. The info on the "Enable HTTPS Content Filter" says: "HTTPS Content Filtering HTTPS content filtering is IP based, and will not inspect the URL. While HTTP content filtering can perform redirects to enforce authentication or provide a block page, HTTPS filtered pages will be silently blocked." My guess…
-
It does work from outside. Like I said, it doesn't work when i have CFS configured with "Scan HTTPS" enabled. As soon as I turn it off it works ok.
-
Forgot to mention that I've looked into the logs and also Packet capture, with no luck...
-
@MustafaA ignore my last comment, I just used my head. And it is not working because It is not translating the SSL subnet to the WAN IP, because of the "original/original". And most likely that's why It works when I turn the NAT rule that i've created, because it translates the SSL IPs to the WAN.
-
It looks like it can't use the default NAT policy route. might be because the priority is at 62 (It is the last policy on my NAT rules) _____________________________________ Default NAT Policy_2 Any Any Any Any Any Original Original Original
-
Without the NAT rule, the packet is only "Generated", I don't get any dropped packets. I need to enable the NAT rule to start getting "Consumed" packets.
-
Thank you @MitatOnge.
-
Hello, that was what I just did. And it looks like it is working now. Also, MitatOnge, do you think that it is worth it to have GAV also scanning outbound connections?
-
It is Site to Site, I did disable the security services on the VPN zone, but on the Capture ATP Scanning History files are still getting scanned on the VPN. Does the firewalls need restaring?
-
Yes, that is it.
-
The ISP gave me 3 IPs. 2 to configure the connection between my firewall and their device and 1 Public IP. The public IP wasn't supposed to be configured on the WAN port, but I did it anyway. I configured it on the WAN port with the default gateway pointing to the ISP device (one of the 2 IPs that I had to configure for…
-
I think that I was able to fix my problem. :D