Created on 05-02-2022 02:55 AM
Edited on 09-18-2025 12:49 AM
By Debbie_FTNT
| Description | This article describes the expected behavior of an inactive firewall policy when it is being used outside of the allowed schedule. |
| Scope | FortiGate. |
| Solution |
A policy is configured as below that allows users to access the Internet during weekdays:
The following shows the schedule configuration:
Users may not know that their Internet access is being restricted, so they may complain that it is not possible to access the Internet. In this example, a user tries to access the Internet on a weekend, which is outside the allowed schedule.
It is possible to check the debug flow of the user with the following commands:
diagnose debug flow filter saddr <source_IP>
diagnose debug flow filter daddr <dest_IP>
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable
diagnose debug flow trace start <number of packets to capture>
diagnose debug enable
When the user tries to access resources outside the schedule, the traffic hits the implicit deny policy (policy 0), even though policy 1 is configured and enabled to allow the traffic.
The debug flow output shows that policy 1 is not active when the user tried to access the Internet:
Inform the user about the resource access policy, or review the firewall policy to determine whether users should be allowed to access the resources outside the currently defined schedule. |
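An added example, not part of the original article or any Fortinet tooling: a Python triage helper that reads saved debug flow output and separates denials where a configured policy was skipped as inactive from denials where no policy matched. The sample lines are constructed, and their layout and message wording are assumptions modelled on the behavior described above; adjust the patterns to the output of the FortiOS version in use.

```python
import re
from collections import defaultdict

# Constructed sample; line layout and msg wording are assumptions, not a
# capture from the article. Addresses are documentation ranges.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5783 msg="vd-root:0 received a packet(proto=6, 192.0.2.10:50512->198.51.100.20:443) from port2. flag [S]"
id=20085 trace_id=1 func=__iprope_check_one_policy line=2029 msg="policy-1 is not active"
id=20085 trace_id=1 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5783 msg="vd-root:0 received a packet(proto=6, 192.0.2.11:50513->198.51.100.20:22) from port2. flag [S]"
id=20085 trace_id=2 func=__iprope_check_one_policy line=2029 msg="checked gnum-100004 policy-1, ret-no-match, act-accept"
id=20085 trace_id=2 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
'''

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"\s*$')
FLOW = re.compile(r'(\d+\.\d+\.\d+\.\d+):\d+->(\d+\.\d+\.\d+\.\d+):(\d+)')
INACTIVE = re.compile(r'policy-(\d+) is not active')
DENIED = re.compile(r'Denied by forward policy check \(policy (\d+)\)')

def triage(text):
    """Return one finding per trace_id: flow, denying policy, inactive policies, cause."""
    traces = defaultdict(lambda: {"flow": None, "denied_by": None, "inactive": []})
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip CLI prompts, blank lines and unrelated output
        t, msg = traces[int(m.group(1))], m.group(3)
        if t["flow"] is None and (f := FLOW.search(msg)):
            t["flow"] = f"{f.group(1)} -> {f.group(2)}:{f.group(3)}"
        if (i := INACTIVE.search(msg)):
            t["inactive"].append(int(i.group(1)))
        if (d := DENIED.search(msg)):
            t["denied_by"] = int(d.group(1))
    for t in traces.values():
        if t["denied_by"] == 0 and t["inactive"]:
            # Implicit deny after an enabled policy was skipped: check its schedule.
            t["cause"] = "inactive policy skipped: review its schedule"
        elif t["denied_by"] == 0:
            t["cause"] = "no policy matched"
        elif t["denied_by"] is not None:
            t["cause"] = "denied by explicit policy"
        else:
            t["cause"] = "not denied"
    return dict(sorted(traces.items()))

if __name__ == "__main__":
    for tid, f in triage(SAMPLE).items():
        print(tid, f["flow"], "policy", f["denied_by"], f["cause"], f["inactive"])
```
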