Management Gateway Firewall is blocking IP Addresses listed in the Allowed IPs area!

Version 5


    The Blocked Address List on the Gateway overrides any Allowed Addresses that fall under an existing Blocked Address List IP or range.  This is because the Blocked Address List is loaded into the firewall settings before the Allowed Address List.

    Note:  Currently this does not affect the 4.0 Version of the Management Gateway, only the 4.2 Version of the Management Gateway.

    For Example:

    If you have many machines located across a variety of 192.168.x.0 subnets and is Blocked in the LDMG Firewall then NO address in the Allowed section that starts with 192.168. will work.  If you drop the from the Blocked list everything works.


    This applies to ALL IP addresses or ranges in the Blocked Address List, especially the private 10-net, 172-net, and 192-net ranges, not just the 192.168 range.


    The Problem:

    What if you are trying to be more security conscious and want to lock down internal access to the gateway from all the other internal machines?


    For Instance:
      • The External Firewall NATs a public IP address to the Internal Address of the Management Gateway
      • The External Firewall's Internal IP address is
      • The Management Gateway's Internal IP address is
      • A network sniffer shows that traffic goes between those 2 destinations without other hops.
      • The DMZ where these machines are contained exists within the 192.168.7.x subnet.


    If the firewall has blocked, then no traffic gets to the gateway, even when the specific internal IP addresses and ranges (,, are inserted into the Allowed area. No external traffic can access the gateway web pages unless their public IP is specified in the Allowed address listing.


    If the is dropped then everything works correctly.  If you do not want to drop the whole range, and only want the subnet range to have access, then you have to find a workaround.  One workaround that has been tested is to block only the specific areas of the subnetting around 192.168.7 in the blocked area.


    Such as removing the and adding these entries:



    This is SPECIFIC to the range and will not work on other ranges.

    For other ranges to work you have to do some subnet calculations:




    1. Remove the blocked range completely.
    2. Replace the blocked range to work around the section.


    Such as this list not blocking the 192.168.7.x range:
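The subnet calculation in steps 1 and 2 can be done with Python's standard `ipaddress` module. This is an added example, not part of the original article or the product: it splits a blocked range into the CIDR blocks that cover everything except the subnets that must stay reachable, and generalizes to more than one kept subnet. The blocked range `192.168.0.0/16`, the `/24` mask for 192.168.7.x, and the function names are assumptions, and the entry format the gateway accepts is not shown on this page, so both CIDR and start-end forms are printed.

```python
import ipaddress


def carve_block_list(blocked, keeps):
    """Return CIDR blocks covering `blocked` minus every subnet in `keeps`."""
    remaining = [ipaddress.ip_network(blocked)]
    for keep in map(ipaddress.ip_network, keeps):
        next_remaining = []
        for net in remaining:
            if keep.subnet_of(net):
                # Split net around keep; yields nothing when keep == net.
                next_remaining.extend(net.address_exclude(keep))
            elif not net.subnet_of(keep):
                # Disjoint from keep: the block is carried over unchanged.
                next_remaining.append(net)
            # Otherwise net lies wholly inside keep and is dropped.
        remaining = next_remaining
    return sorted(remaining)


def is_blocked(ip, block_list):
    """True if `ip` falls inside any entry of the computed block list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in block_list)


def as_range(net):
    """Start-end form of a CIDR block, for UIs that take ranges."""
    return f"{net[0]}-{net[-1]}"


# Constructed sample values (assumptions, not taken from the article).
BLOCKED = "192.168.0.0/16"
KEEP = ["192.168.7.0/24"]

if __name__ == "__main__":
    entries = carve_block_list(BLOCKED, KEEP)
    for net in entries:
        print(f"{str(net):<18} {as_range(net)}")
    # Check before applying: kept hosts are clear, neighbours stay blocked.
    for ip in ("192.168.7.10", "192.168.6.255", "192.168.8.1"):
        print(ip, "blocked" if is_blocked(ip, entries) else "not blocked")
```

Because the Blocked Address List overrides the Allowed Address List, check every address that must reach the gateway with `is_blocked` before replacing the blocked range with the computed entries.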