Best way to allow ALL traffic for troubleshooting

Reply
Highlighted
L2 Linker

Best way to allow ALL traffic for troubleshooting

Hi people, 

 

I want to troubleshoot a connectvity issue.... typical problem where server guy says "it's a firewall issue". Can anyone suggest what's the best way to allow all traffic? I was thinking of traffic from my source (10.0.0.0/8) to destination B10.1.0.0/8) but use 

Application: ANY

Service: ANY

log both start and stop

turn off virus checking, 

turn off anti spoofing. 

 

I want to avoid any issues with application ports and service types. Is service any, application any the best way to make the policy to allow all traffic? Or should i consider specifying application unknown-tcp and unknown-udp with service any or application default?

 

Any suggestions would help. thank you. D

 

 


Accepted Solutions
Highlighted
Cyber Elite

@Jedi_D,

I would generally do exactly what @JoeAndreini mentioned at the end of his post. Simply override the logging on the intra/inter zone rules and see what the logs have to say. This way you aren't opening up anything for testing purposes but you can still see what the traffic looks like. 

As a side note also ensure that you are looking in the unified logs and not just the traffic logs. Traffic may be allowed, however a threat is being identified that causes the firewall to close the session. 

View solution in original post


All Replies
Highlighted
L4 Transporter

application unknown-tcp and unknown-udp will block all KNOWN applications

 

app any/service any would be best IMO - make sure the rule is universal to truly allow ANY traffic.

 

The logs will show you what applications and ports are actually in use.

 

alternately, override the default allow and deny rules to add logging, and you will see if there is any traffic being allowed or denied silently without opening the firewall to all traffic.

Highlighted
Cyber Elite

@Jedi_D,

I would generally do exactly what @JoeAndreini mentioned at the end of his post. Simply override the logging on the intra/inter zone rules and see what the logs have to say. This way you aren't opening up anything for testing purposes but you can still see what the traffic looks like. 

As a side note also ensure that you are looking in the unified logs and not just the traffic logs. Traffic may be allowed, however a threat is being identified that causes the firewall to close the session. 

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!