topic Re: Rule allowed but policy-deny? in General Topics

Rule allowed but policy-deny?

ZEBIT — Thu, 05 Jul 2018 06:23:54 GMT

Hi, We have something strange in our firewall. We have a client/computer with Sonos software and the software need to update. When we click update in the software we get a message that something is wrong. So I checked our firewall and in the monitor I can see that the update needs to get pulled from akamai and it is denied. So I created a rule that the user have the permission to access this website. The update is still not working and I can see that in the monitor my allow rule is hitted but the session end reason is policy-deny. How to fix this?

Re: Rule allowed but policy-deny?

LukeBullimore — Thu, 05 Jul 2018 07:35:11 GMT

Hi @ZEBIT,

Could you post a screenshot of both the traffic logs with policy deny, and the security policy rule you would like this traffic to hit please?

Thanks,

Luke.

Re: Rule allowed but policy-deny?

ZEBIT — Thu, 05 Jul 2018 08:52:45 GMT

Hi Luke, I have found the solution. First of all add the following addresses: update.sonos.com update-firmware.sonos.com After that create an allow rule for the AD group with destination the two addresses. When this is finished create a no decrypt rule to these two destination addresses. Software and firmware update like a charm 🙂