Troubleshooting policy rules not working

Hi,

M400 running 12.7.1

Have a policy rule set up to allow DNS queries from a list of internal DCs out to any external. The rule works for the existing servers, but when we added 2 new servers to the group it doesn't work on those new servers. The traffic log shows the traffic as Denied (Unhandled Internal Packet-00). Any thoughts on how to troubleshoot this?

Thanks.

Comments

  • Have you tried using the policy checker? So you can see if the packets are going to a higher-priority proxy rule.

  • Are the IP addresses on the new servers added to the From list on your DNS outbound policy?

    It's usually something simple.

  • @GeorgeW2 - We are using the Fireware Policy Manager. I can search for policies to ID the server IP / port 53 but nothing seems to conflict. The WG help doc on the policy checker looks like it's only in the web manager, which we are not using.

    @shaazaminator - Yes. We just added the new servers in the same format as the previous servers to the policy (server name/IP).

    Full line from traffic monitor (replaced user name field with *):

    2021-08-18 10:08:14 Deny 10.0.0.23 128.63.2.53 dns/udp 54664 53 TrustedLAN External Denied 99 127 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" src_user="*****@*****" geo_dst="USA" Traffic

    2021-08-18 10:08:14 Deny 10.0.0.23 192.112.36.4 dns/udp 54664 53 TrustedLAN External Denied 88 126 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" src_user="*****@*****" geo_dst="USA" Traffic

    The external addresses are root hint servers.

    The policy works for the original servers just not for the 2 new ones.
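    As an added example (not code from the thread or from WatchGuard), a small Python parser for the traffic-monitor line layout shown above that flags "Unhandled Internal Packet" denies coming from hosts that are supposed to be in the policy's From list. The allowed-host set, the Allow line and the workstation Deny line are constructed for the example; the two Deny lines are the ones posted in the thread.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the two Deny lines from the thread (user field masked), plus one
# Allow for an original DC and one Deny from a workstation that is meant to be denied.
SAMPLE_LINES = [
    '2021-08-18 10:08:14 Deny 10.0.0.23 128.63.2.53 dns/udp 54664 53 TrustedLAN External Denied 99 127 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" src_user="*****@*****" geo_dst="USA" Traffic',
    '2021-08-18 10:08:14 Deny 10.0.0.23 192.112.36.4 dns/udp 54664 53 TrustedLAN External Denied 88 126 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" src_user="*****@*****" geo_dst="USA" Traffic',
    '2021-08-18 10:08:15 Allow 10.0.0.21 128.63.2.53 dns/udp 50123 53 TrustedLAN External Allowed 99 127 (DNS-Outbound-00) proc_id="firewall" msg_id="3000-0148" geo_dst="USA" Traffic',
    '2021-08-18 10:08:16 Deny 10.0.0.77 192.112.36.4 dns/udp 40001 53 TrustedLAN External Denied 70 127 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" geo_dst="USA" Traffic',
]
# Hypothetical From list of the DNS policy (the DCs that should be allowed out).
EXPECTED_DNS_SOURCES = {"10.0.0.21", "10.0.0.22", "10.0.0.23", "10.0.0.24"}

# Field layout of a traffic-monitor line as it appears in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<service>\S+) (?P<sport>\d+) (?P<dport>\d+) (?P<src_if>\S+) (?P<dst_if>\S+) "
    r"(?P<disposition>\S+) \d+ \d+ \((?P<reason>[^)]*)\)(?P<rest>.*)$"
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one traffic-monitor line into a dict of fields; None if the layout does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec.update(dict(KV_RE.findall(rec.pop("rest"))))  # proc_id, rc, msg_id, src_user, geo_dst
    return rec


def unmatched_dns_denies(lines: List[str], expected_sources) -> List[Dict[str, str]]:
    """Return Deny records for UDP/53 from hosts the policy is supposed to allow.

    "Unhandled Internal Packet" is what Fireware logs when no policy matched the packet
    (the thread's policy checker reported "no rule configured"), so a hit here means the
    source is missing from the policy's From list rather than blocked by another rule.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny" or rec["dport"] != "53":
            continue
        if rec["service"].endswith("/udp") and rec["src"] in expected_sources \
                and rec["reason"].startswith("Unhandled Internal Packet"):
            hits.append(rec)
    return hits
```

    Running it over the sample flags only the two lines from 10.0.0.23, the new DC that the web-side copy of the policy turned out not to contain.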

  • Policy image at pasteboard.co/KgzX2Yo.png

  • Update: Got it working.

    @GeorgeW2 Found the web interface and got logged in. Policy checker showed no rule configured for the test details. Checked in the web interface policy viewer just to confirm settings and noticed that the new servers did not appear in the policy (web view). Went back and double checked on the app and the servers are listed there (I made sure to save the changes when first made).

    I edited the web version of the policy and all tested and worked ok.

    Question now is why/how is there a difference between the app and the web interface?

    Thanks.
