VMware Cloud Community
yetanothertechi
Contributor

vShield app firewall rules ignored

I'm running vCNS v5.5.0a with a load of vShield App firewall rules set up. When I check the syslogs for traffic matching the default any<>any rule, there are packets that matched rules and never should have reached the default rule. The source and dest IP address, and dest port definitely match other rules, so I can't see why the rule higher up the list didn't catch the packets.

It's happening for various ports, e.g. DNS, Active Directory LDAP/Kerberos and the odd application. Anyone know why this is going on?

Thanks for any help.

1 Reply
yetanothertechi
Contributor

One thing I have noticed is that for packets with the same dest IP address and port, some are caught by the relevant firewall rule as they should be, but some make it down to the default any<>any rule. The difference is that the packets that do match the relevant rule are SYN packets, and the ones that make it to the default rule are ACK packets.

Is there a way in vShield App to cater for this? I didn't think the packet type would matter; as long as the source/dest IP and dest port matched then that would be all that mattered.

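One way to sort the syslog evidence the reply describes, flow by flow, into "SYN matched a rule but later packets fell to the default rule" versus "only mid-stream packets seen, all at the default rule". This is an added example, not code from the thread or from vShield App; it assumes a constructed one-packet-per-line log format, since the real vShield App syslog format is not shown on the page.

```python
import re
from collections import defaultdict

# Constructed sample lines (NOT vShield App's real syslog format): one record per
# packet with the matched rule id, protocol, 5-tuple and TCP flags.
SAMPLE_LOG = """\
rule=1001 proto=TCP src=10.0.1.20:51234 dst=10.0.0.5:389 flags=S
rule=1001 proto=TCP src=10.0.1.20:51234 dst=10.0.0.5:389 flags=A
rule=default proto=TCP src=10.0.1.21:49877 dst=10.0.0.5:389 flags=A
rule=default proto=TCP src=10.0.1.21:49877 dst=10.0.0.5:389 flags=PA
rule=1002 proto=TCP src=10.0.1.22:40011 dst=10.0.0.9:53 flags=S
rule=default proto=TCP src=10.0.1.22:40011 dst=10.0.0.9:53 flags=A
"""

LINE_RE = re.compile(
    r"rule=(\S+) proto=(\S+) src=(\S+):(\d+) dst=(\S+):(\d+) flags=(\S+)")

def parse(log):
    """Yield one dict per parseable log line; unparseable lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            rule, proto, sip, sport, dip, dport, flags = m.groups()
            yield {"rule": rule, "proto": proto, "flags": flags,
                   "flow": (sip, int(sport), dip, int(dport))}

def classify_flows(log, default_rule="default"):
    """Group packets by flow and report how each flow was handled.
    Returns {flow: category}:
      'ok'         - every packet hit a specific (non-default) rule
      'state_lost' - SYN hit a specific rule, later packets fell to default
      'midstream'  - no SYN logged, only non-SYN packets, all at default
    """
    flows = defaultdict(list)
    for rec in parse(log):
        flows[rec["flow"]].append(rec)
    result = {}
    for flow, pkts in flows.items():
        syn_specific = any("S" in p["flags"] and p["rule"] != default_rule
                           for p in pkts)
        default_hits = [p for p in pkts if p["rule"] == default_rule]
        if not default_hits:
            result[flow] = "ok"
        elif syn_specific:
            result[flow] = "state_lost"
        else:
            result[flow] = "midstream"
    return result
```

Flows tagged "midstream" are connections whose handshake was never seen by the rule engine (established before the rule existed, or taking an asymmetric path), which is the pattern the reply describes.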