topic Re: edit policies in General Topics

edit policies

junior_kakou — Mon, 30 Oct 2023 17:16:31 GMT

Hello everyone;

I need your help to solve a problem.

After an error message from smartconsol R81.10, I could no longer display the policies
and I had to reset the FW. i reset it and installed R81.20

this is a diagram of the Network.

The dhcp server is activated on eth3 on which a cloudkey with access points is connected
(192.168.2.0).

The problem is that rule 5 doesn't allow access points to distribute |p addresses to devices.

When the cleanup rule is "accept" enabled, access points distribute IP addresses, but not when it's "drop"
when in normal "drop" mode.

I'd like to know how to write the rules so that Pa can distribute addresses to the lan (192.168.2.0) eth3.

thank you

Translated with DeepL

Re: edit policies

the_rock — Mon, 30 Oct 2023 17:25:05 GMT

When rule 5 was enabled, did you ever do zdebug to see why its dropped?

Andy

Re: edit policies

junior_kakou — Mon, 30 Oct 2023 17:58:28 GMT

this is the resulte after zdebug command
[Expert@GW-xxxx:0]# zdebug
bash: zdebug: command not found
[Expert@GW-xxxx:0]#

Re: edit policies

the_rock — Mon, 30 Oct 2023 18:01:29 GMT

Thats not how you do it. Say if IP you checking for is 1.2.3.4, you run

fw ctl zdebug + drop | grep 1.2.3.4

Andy

Re: edit policies

junior_kakou — Mon, 30 Oct 2023 19:13:02 GMT

Re: edit policies

the_rock — Mon, 30 Oct 2023 19:58:04 GMT

I would do firewall captures to make sure why connection is not completing...ie tcpdump and fw monitor.

Andy

Re: edit policies

Zolocofxp — Mon, 30 Oct 2023 20:18:19 GMT

Check your routing tables... It appears traffic from source 192.168.2.141 is not going through the firewall, only return traffic.

Re: edit policies

the_rock — Tue, 31 Oct 2023 01:46:49 GMT

Very good point actually.