Missing Zone Assignment

Reply
Highlighted
L1 Bithead

Missing Zone Assignment

I have an issue where traffic coming in one zone is not being forwarded to the right zone.  It seems the destination zone is not being assigned right when the session is setup.  It seems to be matching the predefined intrazone policy trust-trust.   Has anyone seen this before? 10.46.36.11 should be part of a zone called KNAPP, but it is not assigned in the session below.

 

704116 undecided ACTIVE FORW 172.16.4.28[6516]/VPN/1 (0.0.0.0[0])
vsys1 10.46.36.11[48385]/ (0.0.0.0[0])
4191163 undecided ACTIVE FORW 10.40.42.61[53030]/VPN/1 (0.0.0.0[0])
vsys1 10.46.36.11[87]/ (0.0.0.0[0])

Highlighted
Cyber Elite

Re: Missing Zone Assignment

Hello,

Are the interfaces in the proper zone? What do the log say with regards to the traffic and zone. What about the virtual router? Any routes there that could be causing this?

 

Regards,

Highlighted
L1 Bithead

Re: Missing Zone Assignment

Zones were right, but it seems the issue was a couple of things.  First, the security policy that matched the application failed to match the service connection so it discarded it.  The second part was a pbf that caused it to route a different path.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!