Rule allowed but policy-deny?

L3 Networker

Rule allowed but policy-deny?

Hi, we have something strange in our firewall. We have a client/computer with Sonos software, and the software needs to update. When we click update in the software, we get a message that something is wrong. So I checked our firewall, and in the monitor I can see that the update needs to get pulled from Akamai and it is denied. So I created a rule so that the user has permission to access this website. The update is still not working, and I can see in the monitor that my allow rule is hit but the session end reason is policy-deny. How can I fix this?
L5 Sessionator

Re: Rule allowed but policy-deny?

Hi @ZEBIT,

Could you post a screenshot of both the traffic logs with policy deny, and the security policy rule you would like this traffic to hit please?

Thanks,

Luke.

L3 Networker

Re: Rule allowed but policy-deny?

Hi Luke, I have found the solution. First of all, add the following addresses: update.sonos.com and update-firmware.sonos.com. After that, create an allow rule for the AD group with the two addresses as destination. When this is finished, create a no-decrypt rule for these two destination addresses. Software and firmware now update like a charm :)
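
The three steps from the accepted answer, written out as PAN-OS configuration-mode commands; this is an added example, not configuration posted in the thread. It assumes a single-vsys firewall, zones named `trust` and `untrust`, hypothetical object and rule names, and `<AD-GROUP>` as a placeholder for the group as it appears in your group mapping; lines starting with `#` are annotations, not commands to paste.

```panos
# Added example. Assumed: zones trust/untrust, all object and rule names,
# and the <AD-GROUP> placeholder. Only the two hostnames come from the post.
configure

# 1. FQDN address objects for the two update hosts named in the post
set address sonos-update fqdn update.sonos.com
set address sonos-update-firmware fqdn update-firmware.sonos.com

# 2. Security rule: allow the AD group to reach both objects
#    (application/service values are assumptions; narrow them to what the logs show)
set rulebase security rules Allow-Sonos-Update from trust to untrust source any source-user <AD-GROUP> destination [ sonos-update sonos-update-firmware ] application any service application-default action allow

# 3. Decryption rule: exclude the same two destinations from SSL decryption
set rulebase decryption rules NoDecrypt-Sonos-Update from trust to untrust source any source-user any destination [ sonos-update sonos-update-firmware ] service any category any action no-decrypt

# Decryption rules are evaluated top-down; the exclusion has to sit above
# any rule that would decrypt this traffic (assumed to exist further down)
move rulebase decryption rules NoDecrypt-Sonos-Update top

commit
```

After the commit, the traffic log entries for these two destinations should show the allow rule with a session end reason other than policy-deny, and the Decrypted column should read "no".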