intrazone default

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

intrazone default

L1 Bithead

Hello,

I am observing that tcp connection between two hosts remaining in the same zone are not able to establish TCP connections [htts], while ICMP is successful. Tracing the traffic it shows up as application incomplete, rule intrazone default is hit.

Therefore, I was wondering whether TCP traffic within intrazone traffic is allowed.

 

I would appreciate any advice.

 

Thanks,

 

 

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello @Martin2K 

 

the intrazone-default has action allow by default. The application incomplete indicates that either server did not reply or there was not enough traffic to recognize the application. Here is KB for reference: Not-Applicable, Incomplete, Insufficient Data in the Application Field. To drill down into details, could you check logs from Monitor > Logs > Traffic, then search the log and click on magnifying glass on left side, then navigate to Details and check Bytes Sent & Bytes Received. If there is no Bytes Received this would indicate no response from server.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L1 Bithead

Thank you Pavel.

I drilled deeper and packets are transferred.

Application: incomplete

Rule: intrazone-default

Session End Reason: aged-out

 

Cyber Elite
Cyber Elite

Hello @Martin2K

 

thank you for reply.

 

The application incomplete is expected in this case, there is no return traffic (Packet Received is 0):

 

PavelK_0-1695426459314.png

 

As next, I would be looking into why there is no response. If you have access to server, I would check server side.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
  • 1160 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!