Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
the_rock
Champion
Champion

High bandwidth rule blocked Internet access

Hey guys,

I really need your opinion on this, just for my own sanity : - ). Worked with client last week testing something with IA blade and also url filtering and we created a rule on ordered url filtering layer that looked source -> his host, dst -> Internet, gambling category -> block and this worked fine. Now, 2nd rule was ALWAYS there to block high bandwidth from anywhere to Internet and there was never a problem with it.  3rd rule was always any any allow on this layer.

Somehow and I have no idea how or why this happened, after we disabled rule we created from his host to block gambling, no one could access Internet, everything was getting blocked from their Cisco web filtering appliance, though rule was there to allow it. We thought it had something to do with IA blade config, but even after we disabled, issue was there.

After some captures and debugs, we called TAC, as it was critical issue and we discovered that apparently this high bandwidth rule was causing the problem. To me, personally, this makes no logical sense at all. Why would going to google or any regular website be considered high bandwidth??!!. To solve the problem, we simply removed high bandwidth from the rule and issue was resolved after policy install.

Anyway, now all works fine, but they would really like to understand the reason why this happened. TAC keeps insisting that even R&D said many times that high bandwidth rule would cause this sort of issue, but in all honesty, neither customer or myself are sold on that explanation.

So, I would love your guys' opinion on it.

Thanks as always!

0 Kudos
0 Replies
This widget could not be displayed.