I think I found the problem:

When I enable the SYN Flood protection on the corresponding port-forwarding rule for my webserver together with Suricata enabled on the green network, I can't reach the webserver.
I had to do one of the 3 things to get access again:
- disable Suricata on green
- exclude the green network or single IP addresses in the green network in Suricata
- disable SYN Flood Protection in the firewall rule

Again, this only occurs on access from green to the webserver in the DMZ (orange). And I have no clue why this is only a problem in this combination.
Then I looked at my port forwarding rule again and wondered if there is something wrong.
Hope it's readable somehow, because it's a German installation.

Edit: I want to add that I have had no entries in the Suricata log since the last core update. I think that has to do with disabling the "noisy" rules?
