SSH traffic on one policy appears to be denied by a policy that is currently disabled. How is that even possible?

L1 Bithead

I created a policy (number 21) that allows several types of traffic outbound (ssh, https, tcp 8989, tcp 61000-65535, and UDP 1024-65535). All traffic seems to be passing except SSH, which is being blocked by policy number 25, which is supposed to be disabled. During troubleshooting, it looked like policy 25 was responsible for denying my SSH traffic, so I disabled policy number 25 to continue troubleshooting, but when I look at the monitor, policy 25's name is being referenced as the reason the SSH traffic is being denied. Is there something more to disabling a policy other than just highlighting the policy and clicking the disable button? The policy is "greyed out" so it looks like it's disabled, but my SSH traffic still isn't flowing.

4 replies

Community Team Member

Hi @pehlmanj ,


After disabling a policy, please commit your changes to the firewall. Once committed, the disable should be enforced for new traffic. 

LIVEcommunity team member
Stay Secure,
Jay

Sorry, I should have mentioned that I did commit the change.

Cyber Elite

@pehlmanj,

The only way that makes any sense is if you've modified defaults so that 'rematch sessions' is not enabled, or you didn't actually commit the change. If you've actually committed the changes, the only way this makes sense is if you've disabled rematch sessions, in which case you'll want to change that back to default and just enable it again.

"Rematch sessions" is enabled (it was never disabled), and changes were committed. The rule in question is showing up as "greyed out", but the monitor is still pointing to it as the cause of my SSH denials.
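A small triage script for the situation described in this thread: when the traffic monitor keeps naming a rule that the candidate config shows as disabled, the useful first check is whether those log entries were received before or after the commit that disabled it. Entries from before the commit are expected; entries after it mean the running configuration does not match what the GUI shows. This is an added example, not code from the original thread or from Palo Alto Networks; the log lines, rule names ("rule-21-allow-out", "rule-25-deny"), the CSV column layout and the commit time are all constructed and simplified, not a real PAN-OS export.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed, simplified traffic-log export (NOT a real device export):
# receive time, endpoints, application, verdict and the rule that produced it.
# Rule names are hypothetical stand-ins for the thread's policy 21 and policy 25.
SAMPLE_LOG = """\
receive_time,src,dst,app,action,rule
2024-01-10 09:58:12,10.1.1.5,203.0.113.7,ssh,deny,rule-25-deny
2024-01-10 10:03:41,10.1.1.5,203.0.113.7,ssh,deny,rule-25-deny
2024-01-10 10:04:02,10.1.1.5,203.0.113.7,ssl,allow,rule-21-allow-out
2024-01-10 10:05:17,10.1.1.9,203.0.113.7,ssh,deny,interzone-default
"""

# Constructed view of the *running* (committed) rulebase: rule name -> enabled flag.
# In practice this should come from the running config, not the candidate config.
RUNNING_CONFIG = {
    "rule-21-allow-out": True,
    "rule-25-deny": False,
}

# Constructed timestamp of the commit that disabled rule-25-deny.
COMMIT_TIME = datetime(2024, 1, 10, 10, 0, 0)


def parse_log(text):
    """Parse the CSV export into dicts, converting receive_time to datetime."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["receive_time"] = datetime.strptime(row["receive_time"], "%Y-%m-%d %H:%M:%S")
    return rows


def classify(entry, running, commit_time):
    """Explain why a log line names a given rule, relative to the committed config."""
    rule = entry["rule"]
    if rule not in running:
        # Default rules (interzone/intrazone) or a rule that was renamed/deleted.
        return "not-in-rulebase"
    if running[rule]:
        # Verdict is consistent with a rule that is enabled in the running config.
        return "enabled"
    if entry["receive_time"] < commit_time:
        # Logged before the disable was committed; expected, nothing to chase.
        return "stale-pre-commit"
    # Logged after the commit yet still attributed to a disabled rule: the running
    # config on the dataplane does not match the GUI, so verify the commit actually
    # succeeded (and, on Panorama-managed devices, that it was pushed).
    return "disabled-but-still-matching"


def triage(text, running, commit_time):
    """Count log entries per classification so the anomalies stand out."""
    counts = {}
    for entry in parse_log(text):
        category = classify(entry, running, commit_time)
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(entry["receive_time"], entry["app"], entry["action"], entry["rule"],
              "->", classify(entry, RUNNING_CONFIG, COMMIT_TIME))
    print(triage(SAMPLE_LOG, RUNNING_CONFIG, COMMIT_TIME))
```

Only the "disabled-but-still-matching" bucket is worth investigating: it isolates the denies that cannot be explained by log timing, which is exactly the evidence to bring when checking commit status and the running configuration.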
