Search results

What communications do you want to allow for the Docker containers?

Great!, thank you very much for the answer.

Hi Jeremy, We have already solved the problem with the target x86_64-unknown-linux-musl in the RPM package process generation. Thanks to this it is now possible to install FWCloud-Agent in RHEL7, RHEL8 and many other RPM Linux based distributions. Please, install the new FWCloud-Agent release...

We have just released FWCloud-Agent 1.2.2. This is a patch releases in which we have improved some issues: - IPTables package dependency for both `deb` and `rpm` packages. - GitHub actions `rpm` package generation task for use `--target=x86_64-unknown-linux-musl`. This way the FWCloud-Agent...

We have just released FWCloud-API 1.7.2 and FWCloud-UI 1.6.1. These are patch releases in which we have solved some bugs: - Solved problems with the display of the checking for updates dialog. - Bug in `iptables-save` import procedure when `-p tcp` and `-m tcp` are used at the same time in...

Hi, Yes, in fact we have a GitHub repository with a docker compose file for FWCloud: https://github.com/soltecsis/fwcloud-docker

As you can see in the log, the received packet is a TCP RST (https://www.pico.net/kb/what-is-a-tcp-reset-rst/). Have you checked the communication from this host? Goes it fine?

Who is the owner of the source IP (172.16.1.109) ? Is the FortiGate ? If you try the communication from any other host connected to the same network, goes it fine ?

Hi Jeremy, For the RPM package generation we use this YAML code as part of the CI (GitHub Actions) of the FWCloud-Agent repository: rpm-package: needs: [build] runs-on: ubuntu-latest name: RPM package steps: - uses: actions/checkout@v2 - name: Install required...

No risk, only have in mind that you are working with a stateless firewall and maybe you will need to create additional rules. Your firewall is only for the INPUT chain and you don't need to create rules for the OUTBOUND traffic because the default rule allows it all. Then the change should be...

I think that issue 1 will be related with the FortiGate too. You are welcome, if need more help contact us again.

Then the solution is to replace your "real" firewall with another one managed by means of FWCloud, you can even use a vm based firewall cluster ... I'm just joking ;-) Maybe your FortiGate perimetral firewall is altering the network traffic in some way that affects the state that FWCloud uses...

May you execute the policy load script manually and paste the output? /etc/fwcloud/fwcloud.sh

Please, don't forget to answer my last question:

On question more ... the problem arises with all ports that you have allowed in your firewall or only with some of them?

That is not normal in a so simple firewall. Is it possible that you put here the policy load script generated by the firewall compilation process? And can you copy and paste the output of the ip a command executed in your firewall?

We have firewalls over the VMware hypervisor. The hypervisor should not be the problem. Why have you created this custom "catchall" rule if you already have the default catch-all rule? Is this a stateful firewall or stateless? The screenshot is for the input policy?

Can you put here screenshots of your firewall policy?

Forget about it, if it is a fresh Linux install it not should be the origin of the problem. I think that the tcpdump command output will be useful for analyze the problem.

We usually use vm as firewalls over Proxmox hypervisors. I think that the problem is not here. Maybe you are receiving out-of-order packages ... In the log I see an ACK SYN packet that can come from a previous TCP flow already closed in the firewall, is it possible? Have you altered the TCP...