Policies no longer accepting traffic
The issue here is that all of our filter policies are no longer accepting traffic. The log shows traffic, but it's not hitting any of our policies. I've checked to make sure it's pulling users and groups from our DC. Policies haven't changed (that I can see). I can't tell when this started. I have reloaded configs from previous dates. I'm at a loss here. Any help is appreciated. I know my input is a little vague. I can provide more if anyone has any clue on how to help. Thanks :-) EDIT: Disregard. I have figured out the order had gotten messed with. Overlooked it.
Hello Cory, is the FGT lowering traffic at this time? At least the last rule, cleanup, has to match!
If it is a critical situation, try rebooting the FGT. If it is a cluster, try to reboot the backup node and, after the reboot, try to switch the cluster member.
As a test, try to clone a rule and remove the users from the source.
In this way you can see if it's a "user recognition" issue.
If this rule matches, try to verify the status of the FSSO agent. If it does not match, verify the performance of the FGT: whether it is idle or at 100% load.
The CLI cmd diag debug flow and a filter or two will always reflect what policy is being hit and the action. It should ALWAYS be the 1st diagnostic step, IMHO.
Then the seq#-ordering should be looked at.
Ken
PCNSE
NSE
StrongSwan
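
The ordering problem this thread ended on, as an added example that is not part of any post above: a simplified first-match model showing how a broad rule moved to the top takes every hit, and which later rules it hides. The policy records, field names and addresses are constructed for illustration; users/groups, interfaces and schedules are left out of the match.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Policy:               # hypothetical, simplified policy record
    seq: int                # position in the ordered policy list
    name: str
    src: str                # source CIDR
    dst: str                # destination CIDR
    port: Optional[int]     # None means any service
    action: str

def first_match(policies, src, dst, port):
    """Return the first policy, in sequence order, that the packet hits."""
    for p in sorted(policies, key=lambda p: p.seq):
        if (ip_address(src) in ip_network(p.src)
                and ip_address(dst) in ip_network(p.dst)
                and p.port in (None, port)):
            return p
    return None  # nothing matched

def covers(a, b):
    """True when every packet that matches b would also match a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.port is None or a.port == b.port))

def shadowed(policies):
    """List (hidden, hidden_by) pairs: rules that can never be hit."""
    ordered = sorted(policies, key=lambda p: p.seq)
    pairs = []
    for i, later in enumerate(ordered):
        blocker = next((e for e in ordered[:i] if covers(e, later)), None)
        if blocker:
            pairs.append((later.name, blocker.name))
    return pairs

# Constructed sample rule set: intended order, cleanup last.
GOOD = [
    Policy(1, "web-allow", "10.0.0.0/24", "0.0.0.0/0", 443, "accept"),
    Policy(2, "dns-allow", "10.0.0.0/24", "10.0.1.53/32", 53, "accept"),
    Policy(3, "cleanup", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]
# Same rules after the order is disturbed: cleanup now sits first.
BAD = [replace(GOOD[2], seq=1), replace(GOOD[0], seq=2), replace(GOOD[1], seq=3)]

if __name__ == "__main__":
    for label, rules in (("good", GOOD), ("bad", BAD)):
        hit = first_match(rules, "10.0.0.5", "93.184.216.34", 443)
        print(label, "hit:", hit.name, "| shadowed:", shadowed(rules))
```

Running the shadow check against an exported rule list after any reorder or config restore flags this condition before users notice traffic landing on the wrong rule.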