- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-26-2020 05:15 AM
I have an issue where traffic coming in one zone is not being forwarded to the right zone. It seems the destination zone is not being assigned right when the session is setup. It seems to be matching the predefined intrazone policy trust-trust. Has anyone seen this before? 10.46.36.11 should be part of a zone called KNAPP, but it is not assigned in the session below.
704116 undecided ACTIVE FORW 172.16.4.28[6516]/VPN/1 (0.0.0.0[0])
vsys1 10.46.36.11[48385]/ (0.0.0.0[0])
4191163 undecided ACTIVE FORW 10.40.42.61[53030]/VPN/1 (0.0.0.0[0])
vsys1 10.46.36.11[87]/ (0.0.0.0[0])
03-26-2020 07:43 AM
Hello,
Are the interfaces in the proper zone? What do the log say with regards to the traffic and zone. What about the virtual router? Any routes there that could be causing this?
Regards,
03-26-2020 02:46 PM
Zones were right, but it seems the issue was a couple of things. First, the security policy that matched the application failed to match the service connection so it discarded it. The second part was a pbf that caused it to route a different path.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!