Traffic management not limiting traffic in Forward direction
Hello
Have a Policy set up to handle traffic coming in on one of the FTP servers.
Nothing special
From: External
To: SNAT (Pub ip add to Local ip)
and I have traffic management on both the Forward and Reverse directions.
Last week I saw the WAN line was peaking and traced it back to an FTP transfer.
The FTP session is hitting the right policy confirmed by traffic monitor.
So the policy is limiting traffic only one way and that is
FROM server TO client
Not
FROM client TO server
It is the latter I just don't seem to get to work. I have had a colleague double check as well.
So the tests have been to transfer a big file to and from the FTP server (from the outside/external) to see if there is traffic in the Firebox System Manager sub-tab Traffic Management.
So far I am seeing no hits on the Forward direction, meaning FROM Ext interface TO (SNAT) internal host, only the Reverse direction.
I am very open for suggestions 😊
Comments
Sounds like you may have another policy handling the inbound FTP traffic if your SNAT policy isn't showing any traffic while a transfer is taking place. This is assuming you have logging enabled. Check for any inbound policies on port 21.
Also, since policies are either inbound, or outbound, any Traffic Management Action assigned to a specific policy will only limit the bandwidth in the direction of that particular policy.
Lastly, since it wasn't specified, I have to assume you have two FTP policies configured. One is the inbound SNAT, the other a policy from Any Trusted to Any External or Optional for outbound FTP connections.
It's usually something simple.
Hey Shaasaminator
Thank you for your reply
I would also normally assume that the traffic is hitting another policy also. But I confirmed it with logs and traffic monitor.
Just in from the case I made: it looks like a bug in the firmware where the traffic mgmt profiles are not applied properly to VLANs with LAG config. It is solved in the latest version 12.7.1.
Cheers
Hey @robtve86 ,
So running Link Aggregated VLANs is "nothing special" eh?
Wonder what the rest of your firebox configuration looks like. :-D
Happy support figured out the issue and thanks for letting us know about the bugfix.
Take Care.
It's usually something simple.