Just wondering if anyone else seen this weird behaviour. And funny enough it only happens in one cluster - others with similar setup do not experience the same problem.
GW is running R80.40 T156 and we are using IOC feed configured in CLI. After enabling feed all works as expected. But as soon as we push TP policy, feed stops working (meaning users can access sites that should be blocked). If we inactivate/activate feed, it works again - sites are being blocked. Access policy install does not affect it.
We tried:
- upgrading to T156 from T139
- changing enforcement balde AB <> AV
- reduced the list to one entry
But still no joy.
The only suspect could be EVAL (valid) license but that's a very long shot.
Debugging with $FWDIR/bin/ioc_feeder -d -f did not produce any valuable info in log files.
Logs just show accept on access policy but nothing from TP poplicy layer