DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
SPI not working in 2860?
07 Dec 2013 16:07 #78445
by photogregor
SPI not working in 2860? was created by photogregor
Hi forum,
is it possible that SPI in 2860 does not work? Please have a look at this extract from Syslog (it's a little shortened for convenience):
2013-12-07 16:34:41 LAN-WAN Pass Rule 04:3 192.168.0.1:80 - 213.192.192.10:23670
2013-12-07 16:34:41 WAN-LAN Block Rule 13:1 213.192.192.10:23670 - 192.168.0.1:80
The answer to the outgoing request (allowed by rule 4:3) is blocked by general rule 13:1. This should not happen, according to SPI.
Any thoughts?
Thanks and regards,
Stefano
10 Dec 2013 11:23 #78455
by sicon
Replied by sicon on topic Re: SPI not working in 2860?
Switch them around so the block rule is above the Pass Rule, with the action "block if no further match".
10 Dec 2013 15:49 #78464
by photogregor
Replied by photogregor on topic Re: SPI not working in 2860?
Hi sicon,
thanks a lot for the input. I'm not sure whether I understand that, because there is no special blocking rule besides the "default rule" at "general setup" (rule 13:1). So it's not possible to turn something around.
This is in general my setup:
- default rule: block
- several self-defined pass rules that (should) make exceptions to this default block rule; and one of these rules is 4:3
How would you set up the firewall so that
- server is allowed to go outside for, let's say, pulling antivirus updates via http and
- incoming answers are accepted?
Thanks for your efforts,
Stefano
11 Dec 2013 16:51 #78480
by sicon
Replied by sicon on topic Re: SPI not working in 2860?
Are you only allowing the server to go outside the firewall on port 80?
What about other devices on the network?
11 Dec 2013 16:57 #78482
by sicon
Replied by sicon on topic Re: SPI not working in 2860?
The router as Standard will Pass anything going out but Block incoming.
If you have changed the default Rule to Block then change it back to Pass.
In the Filter Setup create a LAN>WAN Rule that is Block Unless further match for Everything.
Underneath that rule create another that is LAN>WAN Source 192.168.0.1 destination ANY (or the address of where you want your updates) and server as HTTP (80) or HTTPS (443) and PASS immediately.
That will now Block EVERYTHING going out except 192.168.0.1 on port 80 or 433.
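Added example, not part of the reply above and not DrayTek code: a simplified Python model of top-down filter evaluation, showing why the catch-all has to be a deferred block rather than an immediate one for the server's Pass rule beneath it to be reached. The evaluation semantics, the destination-port-only service match and the host 192.168.0.10 are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Simplified model (assumption): rules are checked top to bottom; an
# "immediately" action ends evaluation, an "if no further match" action is
# remembered and applied only when no later rule matches.
PASS_NOW, BLOCK_NOW, PASS_IF_NFM, BLOCK_IF_NFM = range(4)

@dataclass
class Rule:
    action: int
    src: str = "0.0.0.0/0"   # source network
    dst_ports: tuple = ()     # empty tuple = any destination port

    def matches(self, src_ip, dst_port):
        in_net = ip_address(src_ip) in ip_network(self.src)
        return in_net and (not self.dst_ports or dst_port in self.dst_ports)

def evaluate(rules, src_ip, dst_port, default="pass"):
    """Return 'pass' or 'block' for one LAN>WAN packet."""
    pending = None
    for rule in rules:
        if not rule.matches(src_ip, dst_port):
            continue
        if rule.action == PASS_NOW:
            return "pass"
        if rule.action == BLOCK_NOW:
            return "block"
        pending = "pass" if rule.action == PASS_IF_NFM else "block"
    return pending or default

SERVER_WEB = Rule(PASS_NOW, src="192.168.0.1/32", dst_ports=(80, 443))
# Rule set from the reply: deferred catch-all block, then the server exception.
DEFERRED = [Rule(BLOCK_IF_NFM), SERVER_WEB]
# Contrast: same order, but the catch-all blocks immediately.
IMMEDIATE = [Rule(BLOCK_NOW), SERVER_WEB]

# Constructed LAN>WAN packets: (source IP, destination port).
PACKETS = {
    "server to HTTP": ("192.168.0.1", 80),
    "server to SMTP": ("192.168.0.1", 25),
    "other host to HTTP": ("192.168.0.10", 80),
    # Ports as in the first syslog line: source port 80, destination 23670.
    "server, dst port 23670": ("192.168.0.1", 23670),
}

def verdicts(rules):
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("deferred", DEFERRED), ("immediate", IMMEDIATE)):
        print(label, verdicts(rules))
```

In this model a packet with the ports of the first syslog line (source port 80, destination port 23670) is not covered by a Pass rule written for destination ports 80 and 443.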
Moderators: Sami
Copyright © 2024 DrayTek