I have a strange issue where the firewall does not match traffic to a specific rule and ultimately drops the traffic on the cleanup rule.
Firewall cluster in HA using VRRP.
The rule I expect it to match on is rule 67, whereas cleanup is rule 112 in this policy.
The rule looks similar to:
Object_group_src -> Object_group_Dst on TCP/3389, permit and place into VPN community
Within Object_group_src there are approx. 14 different subnets. All subnets within this group have no issues except for the subnet 10.10.25.0/24, which for some reason bypasses the rule and goes straight to cleanup.
I have checked and quadruple-checked the src, dst and service, and all should match the rule as intended, but the logs still show the traffic dropped against the cleanup rule.
I have done a packet capture and confirmed the traffic matches the rule; I have installed policy and database.
I have attempted to create a specific rule to match the traffic, to no avail; it still goes straight to cleanup.
Now I am at a loss.
The only things I can see to try now are failing over the cluster, to see if this is a problem isolated to the single member, and/or disabling SecureXL, to see if it is misbehaving with this traffic in some way.
Any advice would be appreciated.
Using R80.10, if that matters.
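Added example, not from the original post and not Check Point code: a constructed first-match model of the rulebase shape described above (rule 67 as group-to-group accept on TCP/3389, rule 112 as the any/any cleanup drop), so the expected match can be checked offline against the exact src, dst and destination port seen in the log. The group contents are assumed; the post only names the groups and the one subnet 10.10.25.0/24.

```python
"""Constructed first-match rulebase model (example code, not Check Point's engine).

Mirrors the shape of the rulebase in the post so a practitioner can ask,
for the src/dst/port from a dropped log entry: which rule should this hit,
and if rule 67 does not match, which field of rule 67 fails?
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Assumed group members; the real groups are not on the page.
OBJECT_GROUP_SRC: List[IPv4Network] = [ip_network(n) for n in (
    "10.10.1.0/24", "10.10.2.0/24", "10.10.25.0/24", "10.10.30.0/24",
)]
OBJECT_GROUP_DST: List[IPv4Network] = [ip_network("10.200.0.0/24")]
ANY: List[IPv4Network] = [ip_network("0.0.0.0/0")]


@dataclass
class Rule:
    number: int
    src: List[IPv4Network]
    dst: List[IPv4Network]
    proto: Optional[str]        # None = any protocol
    ports: Tuple[int, int]      # inclusive destination port range
    action: str


# Rule numbers and actions as stated in the post; everything else assumed.
RULEBASE: List[Rule] = [
    Rule(67, OBJECT_GROUP_SRC, OBJECT_GROUP_DST, "tcp", (3389, 3389), "accept"),
    Rule(112, ANY, ANY, None, (0, 65535), "drop"),  # cleanup rule
]


def in_group(ip: str, group: List[IPv4Network]) -> bool:
    """True if ip falls inside any network of the group."""
    addr = ip_address(ip)
    return any(addr in net for net in group)


def groups_containing(ip: str, named_groups: Dict[str, List[IPv4Network]]) -> List[str]:
    """Names of the groups that cover ip: confirms the source address seen
    in the log really sits inside Object_group_src."""
    return [name for name, members in named_groups.items() if in_group(ip, members)]


def mismatches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> List[str]:
    """Which fields of one rule fail for this packet (empty list = rule matches)."""
    failed = []
    if not in_group(src, rule.src):
        failed.append("src")
    if not in_group(dst, rule.dst):
        failed.append("dst")
    if rule.proto is not None and rule.proto != proto:
        failed.append("proto")
    lo, hi = rule.ports
    if not lo <= dport <= hi:
        failed.append("port")
    return failed


def which_rule(src: str, dst: str, proto: str, dport: int,
               rulebase: List[Rule] = RULEBASE) -> Tuple[int, str]:
    """First-match walk of the rulebase, top to bottom, like the policy does."""
    for rule in rulebase:
        if not mismatches(rule, src, dst, proto, dport):
            return rule.number, rule.action
    return 0, "implicit-drop"


if __name__ == "__main__":
    # Constructed log tuple: a host in 10.10.25.0/24 doing RDP to the dst group.
    pkt = ("10.10.25.10", "10.200.0.5", "tcp", 3389)
    print("expected rule:", which_rule(*pkt))
    print("rule 67 mismatches:", mismatches(RULEBASE[0], *pkt))
    print("groups containing src:", groups_containing(pkt[0], {
        "Object_group_src": OBJECT_GROUP_SRC, "Object_group_Dst": OBJECT_GROUP_DST}))
```

The useful call when the logs disagree with expectation is `mismatches(RULEBASE[0], ...)` fed with the exact 4-tuple from the dropped log entry rather than the intended one: an empty list means the model agrees the packet should have hit rule 67, which narrows the problem to the enforcement point (cluster member, SecureXL) rather than the rule definition.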