[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working

Saturday - last edited 19 hours ago
Model: SG3218XP-M2  
Hardware Version: V1
Firmware Version: 1.0.5 Build 20241104 Rel.41704

ACL setup

 

IP-Port Group: Nginx 443

 

IP Group: Nginx

 

Issue:

I can't access the Nginx homepage with this setup.

 

Wireguard captured packets

 

Everything works just fine once I disable ACL rules 11 and 12.

 

Expected:

ACL rules 9 and 10 will override the rules below once matched.

 

Note:

If rules 9 and 10 are set up with IP and Protocol = TCP, the same issue occurs.

However, changing to Protocol = ALL resolves the issue.

1 Accepted Solution
Re:[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working-Solution
Yesterday - last edited Yesterday

Hi @yliu 

Thanks for posting in our business forum.

That probably does not rely only on TCP 443. That's why it worked as expected when you set it to ALL before. This is common. Some services may not work if you block ICMP, though it seems to be unrelated.

Re:[SG3218XP-M2] Permit ACL with IP-Port or IP (protocol not ALL) not working
Yesterday

  @Clive_A Thank you for resolving my doubt so promptly!

 

My connection went through after removing ICMP from the Deny rule.
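The behaviour discussed in this thread, as an added example that is not part of the original posts and not the poster's switch configuration: a small first-match ACL evaluator showing why a TCP-only permit leaves ICMP to a later deny rule. The rule IDs follow the thread; the rule contents, the addresses, first-match ordering by rule ID and the default-permit fallback are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "icmp" or "all"
    src: str                     # CIDR
    dst: str                     # CIDR
    dport: Optional[int] = None  # None = any port

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("all", pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(rules, pkt, default="permit"):
    """Lowest-ID matching rule decides; unmatched traffic gets the assumed default."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if matches(rule, pkt):
            return rule.action, rule.rule_id
    return default, None

# Constructed addresses; rule IDs follow the thread, rule contents are assumed.
CLIENTS, NGINX, SERVERS = "10.0.10.0/24", "10.0.20.5/32", "10.0.20.0/24"

def build_rules(permit_proto="tcp", deny_icmp=True):
    port = 443 if permit_proto == "tcp" else None
    rules = [Rule(9, "permit", permit_proto, CLIENTS, NGINX, port),
             Rule(12, "deny", "tcp", CLIENTS, SERVERS)]
    if deny_icmp:
        rules.append(Rule(11, "deny", "icmp", CLIENTS, SERVERS))
    return rules

HTTPS = Packet("tcp", "10.0.10.7", "10.0.20.5", 443)   # constructed sample packet
ICMP = Packet("icmp", "10.0.10.7", "10.0.20.5")        # constructed sample packet

def verdicts(rules):
    return {"https": evaluate(rules, HTTPS), "icmp": evaluate(rules, ICMP)}
```

Comparing `verdicts(build_rules())`, `verdicts(build_rules("all"))` and `verdicts(build_rules(deny_icmp=False))` reproduces the three states described in the thread: TCP-only permit, Protocol = ALL, and ICMP removed from the deny rule.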
