AnsweredAssumed Answered

R80 Inline Layer Issue

Question asked by Gaurav Pandya on Jan 11, 2019
Latest reply on Jan 17, 2019 by Dameon Welch-Abernathy

Hi,

 

I created an inline policy on R80.20.  I did it by going through the logs to see which access control rule was used for each app control rule.  Then I created layers and pasted all of the app control rules into appropriate layers assigned to each access rule per the action column.  I left entire the app control policy in place and pushed this policy out, and everything broke.  In the logs, I saw a lot of CP Early Drop.  A lot of the logs were the remote users trying to get DNS, but I know that more than only that traffic broke.  I restored an old policy to get it back up.

 

I’m not sure what I did wrong.  The CP Early Drop indicates the packets had no way out of the new policy.  I was sure to set each layer to implicit allow, and remove the default clean up rule that is added to each layer.  One possibility was that it was failing because I didn’t add a specific allow rule at the bottom of each layer.  However, I have not been able to replicate that as a problem in my lab.  Does anyone have any ideas?

Outcomes