Hello team,
I have a problem with matching a policy.
The policy in question is:
the policy logs (one is an example of a correct match and the 'other of a wrong match)
I can't figure out why they don't both match the same policy.
Thanks for the support
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi@luca1994 ,
You should exempt DNS traffic from the captive portal. Requiring authentication for DNS traffic will cause the clients to be unable to resolve domain names, which is needed in order to trigger the captive portal login page.
HI @luca1994 ,
I see two differences on the provided logs :
-Allowed traffic is doing SNAT
-Blocked traffic shows Denied by Thread
Hi @dbu ,
yes but why in your opinion ?
I would have expected it to pass correctly and not "Denied bt Thread"
Thanks for the support
BR
Hi,
The only explanation i can see here, is that the user in question on the right side, isnt part of that group defined in the policy.
Whereas on the left side, no user was identified in the traffic so it was allowed.
Hi @funkylicious , thanks for the response.
The user in question on the right side is a guest user, infact in the section "guest management" is correctly present. Then there are a one guest group configured as follows:
And this group is in the policy. Any other suggestion for me?
Thansk for the support
BR
Hi@luca1994 ,
You should exempt DNS traffic from the captive portal. Requiring authentication for DNS traffic will cause the clients to be unable to resolve domain names, which is needed in order to trigger the captive portal login page.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1073 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.