Simple Port Based Policy Issue
One of the users would like to establish an OpenVPN tunnel from his PC to his Synology device in the cloud over port 1701 (this is not the official port for OpenVPN).
So I created a custom policy and added a packet filter using port TCP 1701. As source I specified the fixed IP of the workstation and as destination the IP of the Synology.
Nothing else modified.
Now when the user tries to establish a VPN tunnel the Firewall shows:
Allow IP-of-PC Destination-IP L2TP trusted external application identified outgoing-00
5 sec later
Deny Destination-IP Firebox-IP 56751/UDP external firebox denied Unhandeled external packet-00
It looks like the incoming UDP packet cannot be related to the previous outgoing session --> NAT issue?
I also tried to modify the Advanced Settings and unselect 1:1 NAT and under Dynamic NAT I selected "all traffic in this policy".
But this also did not help.
Any ideas on how to solve the issue?