Missing Zone Assignment

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Missing Zone Assignment

L1 Bithead

I have an issue where traffic coming in one zone is not being forwarded to the right zone.  It seems the destination zone is not being assigned right when the session is setup.  It seems to be matching the predefined intrazone policy trust-trust.   Has anyone seen this before? 10.46.36.11 should be part of a zone called KNAPP, but it is not assigned in the session below.

 

704116 undecided ACTIVE FORW 172.16.4.28[6516]/VPN/1 (0.0.0.0[0])
vsys1 10.46.36.11[48385]/ (0.0.0.0[0])
4191163 undecided ACTIVE FORW 10.40.42.61[53030]/VPN/1 (0.0.0.0[0])
vsys1 10.46.36.11[87]/ (0.0.0.0[0])

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello,

Are the interfaces in the proper zone? What do the log say with regards to the traffic and zone. What about the virtual router? Any routes there that could be causing this?

 

Regards,

Zones were right, but it seems the issue was a couple of things.  First, the security policy that matched the application failed to match the service connection so it discarded it.  The second part was a pbf that caused it to route a different path.

  • 2248 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!