firewall policy SD-WAN
Hello.
I would like to run the following site over a sub-line using SD-WAN:
https://xxxxxxxx.com/
The firewall policy I have set up for this is as follows:
Protocol: ANY
Source: Any-Trust,Trust
Destination: *.xxxxxxxxxxxxx.com
When the site is accessed with this policy set up, traffic flows to the sub-line as expected, but when a file is uploaded to the site, the traffic is not sent to the sub-line; instead, the upload traffic flows to the main line.
What is the possible cause of this?
I'm withholding the name of the site, but will let you know if necessary.
Answers
So what is different for the web site access and the file upload to cause a different policy to be used for each?
What does Traffic Monitor show for both?
The actual site is the one below.
https://gigafile.nu/
Firewall Policy
1. secondary WAN (protocol: ANY)
2. primary WAN (protocol: ANY)
The policy for the secondary WAN specifies the FQDN (*.gigafile.nu), and when the site is accessed, Traffic Monitor shows the policy for the secondary WAN.
Then, when doing a file upload at the site, the address was probably 116.80.129.28 (116-80-129-28.gigafile.nu). I checked this with Wireshark. This IP address 116.80.129.28 was hit by the policy for the primary WAN (destination: Any-External).
I originally assumed that it would match the secondary WAN policy since it was covered by *.gigafile.nu.
In this case, is the policy for the secondary WAN incorrect?
In previous topics of yours, I have provided a link which describes how Fireware resolves an FQDN into IP addrs.
Please review it.
*.gigafile.nu does not match gigafile.nu
There are very likely multiple IP addrs for *.gigafile.nu and just a single IP addr for gigafile.nu.
Do I need to create separate policies for *.gigafile.nu and gigafile.nu respectively?
Why not have them both in the same policy's To: field?
I just specified *.gigafile.nu and gigafile.nu in one policy and checked. However, the policy did not match and SD-WAN did not work properly.
I do not know why 133-149-218-54.gigafile.nu does not match *.gigafile.nu.
One possible reason: if access to 133.149.218.54 is hard-coded, then the firewall will not see a DNS resolution for it, and thus will not know that it would match *.gigafile.nu.
Another is that some other domain name also resolves to 133.149.218.54, and that was used by the file upload instead of something which matched *.gigafile.nu.
Packet captures should show what DNS names are being resolved for the file upload.
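To make the two points in the replies above concrete (*.gigafile.nu does not match the apex name gigafile.nu, and an IP the firewall never saw resolved through a gigafile.nu name falls through to the Any-External policy), here is a toy model of a DNS-learning FQDN policy engine. It is an added example, not Fireware code; the IPs 203.0.113.10, 198.51.100.7 and 192.0.2.5 and the name other.example are constructed, while 133.149.218.54 comes from the thread.

```python
# Toy model (added example, not WatchGuard/Fireware code) of a firewall that
# learns FQDN-to-IP mappings only from DNS answers it actually observes.
# Assumption: an IP is associated with a name only if that resolution was seen.

def fqdn_matches(pattern, name):
    """Wildcard rule: '*.gigafile.nu' matches subdomains only, never the apex."""
    pattern, name = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".gigafile.nu"
        return name.endswith(suffix) and len(name) > len(suffix)
    return name == pattern

class FqdnPolicyEngine:
    def __init__(self, policies):
        # policies: ordered list of (policy_name, [destination entries]);
        # "Any-External" is a catch-all, everything else is an FQDN pattern.
        self.policies = policies
        self.ip_to_names = {}                     # learned from observed DNS

    def observe_dns(self, name, ips):
        for ip in ips:
            self.ip_to_names.setdefault(ip, set()).add(name.lower().rstrip("."))

    def match(self, dst_ip):
        names = self.ip_to_names.get(dst_ip, set())
        for policy_name, dests in self.policies:   # first match wins
            for dest in dests:
                if dest == "Any-External" or any(fqdn_matches(dest, n) for n in names):
                    return policy_name
        return None

def scenarios():
    """Replays the cases discussed in the thread; returns which policy each hits."""
    both = FqdnPolicyEngine([("secondary wan", ["*.gigafile.nu", "gigafile.nu"]),
                             ("primary wan", ["Any-External"])])
    wildcard_only = FqdnPolicyEngine([("secondary wan", ["*.gigafile.nu"]),
                                      ("primary wan", ["Any-External"])])
    for eng in (both, wildcard_only):
        eng.observe_dns("gigafile.nu", ["203.0.113.10"])                   # constructed IP
        eng.observe_dns("133-149-218-54.gigafile.nu", ["133.149.218.54"])  # IP from thread
        eng.observe_dns("other.example", ["198.51.100.7"])                 # constructed: another name, same IP
    return {
        "apex": both.match("203.0.113.10"),                     # secondary wan
        "apex_wildcard_only": wildcard_only.match("203.0.113.10"),  # primary wan: apex not covered
        "subdomain": both.match("133.149.218.54"),              # secondary wan
        "hardcoded_ip_no_dns": both.match("192.0.2.5"),         # primary wan: no DNS seen
        "other_name_same_ip": both.match("198.51.100.7"),       # primary wan: wrong name seen
    }
```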
Thank you.
I guess I'll have to give up on SD-WAN at this point, or just specify one IP address at a time...
On one PC, “https://gigafile.nu/” matched on gigafile.nu and SD-WAN was working. On another PC, “https://gigafile.nu/” did not match on gigafile.nu and SD-WAN was not working.
I checked the “whois” for the addresses matched by gigafile.nu, and it also matched FQDNs that are not gigafile.nu. Are these events also causing SD-WAN to not work properly?
Below is the result of the IP address search with “whois”.
zz2019405184D30FC7A6.userreverse.dion.ne.jp
113-43-138-138.nu-face.jp
183.177.133.205.ap.gmobb-fix.jp
133-149-218-57.gigafile.nu
107-153-18-16.gigafile.nu
107-153-18-15.gigafile.nu
133-149-218-99.gigafile.nu
I understand.
Thanks for all the help you've given me.
If you understand, why did you just post a question showing that you don't understand.
I do not understand. I replied “I understand” in the sense of “OK”, not in the sense of having understood. I am translating from Japanese, so sorry if there is a difference in interpretation.