junior_kakou
Contributor

edit policies

Hello everyone;

I need your help to solve a problem.

After an error message from SmartConsole R81.10, I could no longer display the policies
and I had to reset the FW. I reset it and installed R81.20.

This is a diagram of the network.

schema réseau.png

Interface design.png

The DHCP server is activated on eth3, on which a CloudKey with access points is connected
(192.168.2.0).

DHCP serveur.png

The problem is that rule 5 doesn't allow access points to distribute IP addresses to devices.

Capture d'écran 2023-10-30 090134.png

When the cleanup rule is set to "accept", access points distribute IP addresses, but not when it is in its normal "drop" mode.

I'd like to know how to write the rules so that the access points can distribute addresses to the LAN (192.168.2.0) on eth3.

Thank you

Translated with DeepL

0 Kudos
7 Replies
the_rock
Legend

When rule 5 was enabled, did you ever do zdebug to see why it's dropped?

Andy

0 Kudos
junior_kakou
Contributor

This is the result after the zdebug command:
[Expert@GW-xxxx:0]# zdebug
bash: zdebug: command not found
[Expert@GW-xxxx:0]#

0 Kudos
the_rock
Legend

That's not how you do it. Say the IP you're checking for is 1.2.3.4, you run

 

fw ctl zdebug + drop | grep 1.2.3.4

 

Andy

0 Kudos
junior_kakou
Contributor

sortie commande.png

0 Kudos
the_rock
Legend

I would do firewall captures to find out why the connection is not completing, i.e. tcpdump and fw monitor.

Andy

0 Kudos
Zolocofxp
Contributor

Check your routing tables... It appears traffic from source 192.168.2.141 is not going through the firewall, only return traffic. 

the_rock
Legend

Very good point actually.

0 Kudos
