FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sfernando
Staff
Article Id 392684
Description This article describes the items that must be verified when a VDOM in FortiGate is converted from policy-based to profile-based. 
Scope FortiGate, VDOM, Profile-based.
Solution

When a VDOM is changed from policy-based to profile-based NGFW mode, certain issues can occur, especially with traffic destined to loopback interfaces (for example, management access to a loopback IP that worked before the change no longer works).


In such cases, verify the following configuration items in the converted VDOM.


  1. Loopback Interface Configuration.

Ensure the loopback interface still has the correct IP address and is enabled (status up).
Confirm that the required administrative access (ping, HTTPS, and SSH) is allowed on the loopback interface (the allowaccess setting).

  2. Firewall Policies.

Traffic destined to a loopback interface is handled like traffic to any other interface, so in profile-based mode an explicit firewall policy is required for traffic to reach it.
Create a policy from the WAN interface to the loopback interface allowing only the necessary services (ping, HTTPS, SSH).

  3. Routing.

Ensure there is a route back to the source IPs trying to access the loopback, otherwise replies are dropped even though the inbound packet was accepted.
If the loopback IP is public, make sure it is advertised properly or reachable via a static/default route.

  4. VIP or DNAT.

If the public IP is NATed to the loopback, ensure the VIP (Virtual IP) or DNAT rules are still in place and correctly mapped, and that the firewall policy references the VIP as its destination address.

  5. Security Profiles.

In profile-based mode, security profiles (IPS, antivirus, web filter, and so on) are attached to the firewall policy and can block traffic if misconfigured.
As a test, temporarily disable the profiles on the policy to confirm whether they are causing the issue, then re-enable them once the policy is confirmed to work.

  6. Session Helper or Local-In Policies.

Check whether any local-in policy denies traffic addressed to the loopback IP on the required services; local-in policies filter traffic destined to the FortiGate itself, in addition to the interface allowaccess setting. Also confirm that no session helper is altering the traffic.

  7. NAT Settings.

If NAT is enabled in the policy, it applies source NAT to the accepted traffic; make sure this is not rewriting addresses in a way that sends return traffic along a different path (asymmetric routing). Destination translation is handled by the VIP, not by the policy NAT option, so NAT is normally not needed on a policy whose destination is the loopback interface.
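The following CLI snippet is an added example covering items 1 through 7 above, not configuration from the article itself. The interface names "loop0" and "wan1", the VDOM name "vdom1", the policy and object names, and all IP addresses (taken from the RFC 5737 documentation ranges) are assumptions; substitute the values from the affected VDOM. The VIP section applies only when the loopback sits behind a separate public address.

```fortios
# Added example (not from the article). Interface names, VDOM name,
# object names and all addresses are assumed values.

# 1. Loopback interface: correct IP, enabled, admin access allowed.
#    Interfaces are configured in the global context.
config global
    config system interface
        edit "loop0"
            set vdom "vdom1"
            set type loopback
            set ip 203.0.113.10 255.255.255.255
            set allowaccess ping https ssh
            set status up
        next
    end
end

config vdom
    edit vdom1
        # 2. Address object and explicit WAN -> loopback policy.
        config firewall address
            edit "loop0-addr"
                set subnet 203.0.113.10 255.255.255.255
            next
        end
        config firewall policy
            edit 0
                set name "wan1-to-loop0-mgmt"
                set srcintf "wan1"
                set dstintf "loop0"
                set srcaddr "all"
                set dstaddr "loop0-addr"
                set action accept
                set schedule "always"
                set service "PING" "HTTPS" "SSH"
                # 7. No source NAT on a policy towards the loopback.
                set nat disable
                # 5. Profiles off while testing; re-enable with
                #    "set utm-status enable" plus the profile settings
                #    once the policy is confirmed to pass traffic.
                set utm-status disable
                set logtraffic all
            next
        end

        # 3. Route back to the sources (default route via wan1).
        config router static
            edit 0
                set dst 0.0.0.0 0.0.0.0
                set gateway 198.51.100.1
                set device "wan1"
            next
        end

        # 4. Only if the loopback is reached through a separate public
        #    IP: the VIP, and the policy's dstaddr must then be
        #    "vip-loop0" instead of "loop0-addr".
        config firewall vip
            edit "vip-loop0"
                set extintf "wan1"
                set extip 198.51.100.10
                set mappedip "203.0.113.10"
            next
        end

        # 6. Review local-in policies for a deny matching the loopback
        #    address on PING/HTTPS/SSH.
        show firewall local-in-policy

        # Verification: confirm the VDOM mode, capture packets to the
        # loopback, and trace how the kernel handles them.
        show system settings | grep ngfw-mode
        diagnose sniffer packet any 'host 203.0.113.10 and (icmp or port 443 or port 22)' 4 0 l
        diagnose debug flow filter addr 203.0.113.10
        diagnose debug flow trace start 20
        diagnose debug enable
        # ... reproduce the access from the WAN side, then stop tracing:
        diagnose debug disable
        diagnose debug reset
    next
end
```

The debug flow output shows which policy (or local-in policy) matched or why the packet was dropped, and the sniffer shows whether replies leave the expected interface; together they distinguish a missing policy (item 2), a missing return route (item 3), and a local-in deny (item 6), which look identical from the client side.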