Re: edit policies

junior_kakou · ‎2023-10-30

Hello everyone;

I need your help to solve a problem.

After an error message from smartconsol R81.10, I could no longer display the policies
and I had to reset the FW. i reset it and installed R81.20

this is a diagram of the Network.

schema réseau.png

Interface design.png

The dhcp server is activated on eth3 on which a cloudkey with access points is connected
(192.168.2.0).

DHCP serveur.png

The problem is that rule 5 doesn't allow access points to distribute |p addresses to devices.

Capture d'écran 2023-10-30 090134.png

When the cleanup rule is "accept" enabled, access points distribute IP addresses, but not when it's "drop"
when in normal "drop" mode.

I'd like to know how to write the rules so that Pa can distribute addresses to the lan (192.168.2.0) eth3.

thank you

Translated with DeepL

the_rock · ‎2023-10-30

When rule 5 was enabled, did you ever do zdebug to see why its dropped?

Andy

junior_kakou · ‎2023-10-30

this is the resulte after zdebug command
[Expert@GW-xxxx:0]# zdebug
bash: zdebug: command not found
[Expert@GW-xxxx:0]#

the_rock · ‎2023-10-30

Thats not how you do it. Say if IP you checking for is 1.2.3.4, you run

fw ctl zdebug + drop | grep 1.2.3.4

Andy

junior_kakou · ‎2023-10-30

sortie commande.png

the_rock · ‎2023-10-30

I would do firewall captures to make sure why connection is not completing...ie tcpdump and fw monitor.

Andy

Zolocofxp · ‎2023-10-30

Check your routing tables... It appears traffic from source 192.168.2.141 is not going through the firewall, only return traffic.

the_rock · ‎2023-10-30

Very good point actually.

Are you a member of CheckMates?

edit policies