Security Policy Search Results

L3 Networker

We have a 3020 firewall with version 8.0.10 and need to allow a new server access to resources in other zones. An existing server, 10.100.100.10, already has this access, so I need to mimic the access of this server.

 

In Objects\Addresses there is an entry for 10.100.100.10 with the name Server1.
In Objects\Address Groups there are a couple of groups in which server name Server1 belongs.

 

In Policies\Security, when I search for Server1, four Security Policy Rules result. When I check them, all have Server1 in either Source or Destination.

 

When I search Policies\Security using the Server1 IP address, 10.100.100.10, a half dozen result. Two of the results have the Server1 name, but the other four don't. I checked these four, and they don't have the server name or IP address anywhere in the rule.

 

I appreciate any help in understanding the logic of how the other four policies result by IP address.
Thank you.

Jeff

 

 

Passionate about network infrastructure and all things Palo Alto Networks.
Accepted Solutions

Community Team Member

Hi @jeff6strings ,

 

Maybe you have another object in there that contains the private address space range?

For example, if you have an object or a group that contains the private range 10.0.0.0/8, then 10.100.100.10 would also return in your search result while not having the IP address explicitly configured.

Cheers!

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
With "Object NAME", just the server is found.

With "IP", the server and any groups it belongs to are returned.

 

It's just the way the search works, not sure if it's different in later versions.

I didn't think of that and there is an object with a 10.100.100.0/24. I checked the other rules and they do have this object as either source or destination.

Thank you.

 

Jeff

Passionate about network infrastructure and all things Palo Alto Networks.
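
The containment behaviour described in the accepted answer, as an added example that is not part of the original thread and is not PAN-OS's own search code: it lists every rule whose source or destination resolves to an address object containing a given IP, and names the object responsible. All object, group and rule names other than Server1 are constructed for illustration.

```python
import ipaddress

# Constructed sample config; every name except Server1 is hypothetical.
ADDRESSES = {
    "Server1": "10.100.100.10/32",
    "Net-Servers": "10.100.100.0/24",
    "RFC1918-10": "10.0.0.0/8",
    "DMZ-Web": "192.168.50.0/24",
}
GROUPS = {
    "App-Servers": ["Server1"],
    "Internal": ["RFC1918-10", "App-Servers"],  # nested group
}
RULES = [
    {"name": "allow-server1-db", "source": ["Server1"], "destination": ["DMZ-Web"]},
    {"name": "allow-app-backup", "source": ["App-Servers"], "destination": ["DMZ-Web"]},
    {"name": "allow-subnet-dns", "source": ["Net-Servers"], "destination": ["DMZ-Web"]},
    {"name": "allow-internal-ntp", "source": ["DMZ-Web"], "destination": ["Internal"]},
    {"name": "allow-dmz-only", "source": ["DMZ-Web"], "destination": ["DMZ-Web"]},
]

def leaf_objects(name, seen=None):
    """Resolve an address or (nested) group name to its leaf address objects."""
    seen = seen or set()
    if name in seen:  # guard against groups that reference each other
        return set()
    seen.add(name)
    if name in GROUPS:
        return set().union(*(leaf_objects(m, seen) for m in GROUPS[name]))
    return {name} if name in ADDRESSES else set()

def rules_naming(obj):
    """Rules that list obj literally in source or destination."""
    return [r["name"] for r in RULES if obj in r["source"] + r["destination"]]

def rules_covering_ip(ip):
    """Map rule name -> sorted leaf objects whose range contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = {}
    for rule in RULES:
        leaves = set()
        for ref in rule["source"] + rule["destination"]:
            leaves |= leaf_objects(ref)
        via = sorted(o for o in leaves if addr in ipaddress.ip_network(ADDRESSES[o]))
        if via:
            hits[rule["name"]] = via
    return hits

if __name__ == "__main__":
    for rule, via in rules_covering_ip("10.100.100.10").items():
        print(f"{rule}: matched via {', '.join(via)}")
```

Rules reported only through a subnet or supernet object grant access to every host in that range, which matters when the goal is to copy one server's access to a new address.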