[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-11-23 17:17:21 - last edited 2024-11-26 00:34:24
Model: SG3218XP-M2  
Hardware Version: V1
Firmware Version: 1.0.5 Build 20241104 Rel.41704

ACL setup

 

IP-Port Group: Nginx 443

 

IP Group: Nginx

 

Issue:

I can't access Nginx homepage with this setup.

 

Wireguard captured packets

 

Everything works just fine once I disable ACL rules 11 and 12.

 

Expected:

ACL rules 9 and 10 will override the rules below once matched.

 

Note:

If rules 9 and 10 are set up with IP and Protocol = TCP, they will have the same issue.

However, changing to Protocol = ALL resolves the issue.

1 Accepted Solution
Re:[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working-Solution
2024-11-25 01:45:55 - last edited 2024-11-25 15:39:49

Hi @yliu 

Thanks for posting in our business forum.

That probably does not rely only on TCP 443. That's why it worked as expected when you set it to ALL before. This is common. Some services may not work if you block ICMP, though it seems to be unrelated.

Re:[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working
2024-11-25 15:43:26

  @Clive_A Thank you for resolving my doubt so promptly!

 

My connection went through after removing ICMP from the Deny rule ;)

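An added example, not part of any post in this thread: a small first-match ACL model showing why a TCP-only permit placed above a broad deny still drops the ICMP packets, and why Protocol = ALL restores connectivity only by opening every port on the host. The rule contents, the addresses, the single-direction modelling and the forward-by-default handling of unmatched packets are assumptions, since the screenshots of the real rules are not on the page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ALL = frozenset({"tcp", "udp", "icmp"})
SERVER = "192.168.10.20"           # constructed address for the Nginx host
LAN = "192.168.10.0/24"            # constructed subnet covered by the deny rule

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                    # "permit" or "deny"
    protos: frozenset              # protocols the rule matches
    dst: str                       # destination in CIDR form
    dport: Optional[int] = None    # None matches any port

def evaluate(rules, proto, dst, dport=None):
    """Return (action, rule_id) of the first matching rule, lowest ID first."""
    for r in sorted(rules, key=lambda r: r.rule_id):
        if (proto in r.protos and ip_address(dst) in ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action, r.rule_id
    return "permit", None          # assumption: unmatched traffic is forwarded

# Constructed sample packets headed for the server.
PACKETS = {"https": ("tcp", SERVER, 443),
           "icmp": ("icmp", SERVER, None),
           "ssh": ("tcp", SERVER, 22)}

def verdicts(rules):
    """Map each sample packet name to the action the rule list gives it."""
    return {name: evaluate(rules, *pkt)[0] for name, pkt in PACKETS.items()}

PERMIT_443 = Rule(9, "permit", frozenset({"tcp"}), SERVER + "/32", 443)
PERMIT_ALL = Rule(9, "permit", ALL, SERVER + "/32")
DENY_ALL = Rule(11, "deny", ALL, LAN)
DENY_NO_ICMP = Rule(11, "deny", frozenset({"tcp", "udp"}), LAN)

TCP_ONLY_PERMIT = verdicts([PERMIT_443, DENY_ALL])     # ICMP falls to rule 11
PROTOCOL_ALL = verdicts([PERMIT_ALL, DENY_ALL])        # everything to host passes
ICMP_REMOVED = verdicts([PERMIT_443, DENY_NO_ICMP])    # ICMP passes, SSH still denied

if __name__ == "__main__":
    for label, result in [("TCP-only permit", TCP_ONLY_PERMIT),
                          ("permit ALL", PROTOCOL_ALL),
                          ("deny without ICMP", ICMP_REMOVED)]:
        print(f"{label:18} {result}")
```

Of the two fixes mentioned in the thread, narrowing the deny rule keeps port 22 blocked in this model, while Protocol = ALL on the permit rule does not.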