- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-09-2018 09:49 AM
Hi people,
I want to troubleshoot a connectvity issue.... typical problem where server guy says "it's a firewall issue". Can anyone suggest what's the best way to allow all traffic? I was thinking of traffic from my source (10.0.0.0/8) to destination B10.1.0.0/8) but use
Application: ANY
Service: ANY
log both start and stop
turn off virus checking,
turn off anti spoofing.
I want to avoid any issues with application ports and service types. Is service any, application any the best way to make the policy to allow all traffic? Or should i consider specifying application unknown-tcp and unknown-udp with service any or application default?
Any suggestions would help. thank you. D
05-09-2018 12:43 PM
I would generally do exactly what @JoeAndreini mentioned at the end of his post. Simply override the logging on the intra/inter zone rules and see what the logs have to say. This way you aren't opening up anything for testing purposes but you can still see what the traffic looks like.
As a side note also ensure that you are looking in the unified logs and not just the traffic logs. Traffic may be allowed, however a threat is being identified that causes the firewall to close the session.
05-09-2018 10:25 AM
application unknown-tcp and unknown-udp will block all KNOWN applications
app any/service any would be best IMO - make sure the rule is universal to truly allow ANY traffic.
The logs will show you what applications and ports are actually in use.
alternately, override the default allow and deny rules to add logging, and you will see if there is any traffic being allowed or denied silently without opening the firewall to all traffic.
05-09-2018 12:43 PM
I would generally do exactly what @JoeAndreini mentioned at the end of his post. Simply override the logging on the intra/inter zone rules and see what the logs have to say. This way you aren't opening up anything for testing purposes but you can still see what the traffic looks like.
As a side note also ensure that you are looking in the unified logs and not just the traffic logs. Traffic may be allowed, however a threat is being identified that causes the firewall to close the session.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!