Traffic of any type doesn't pass through SDWAN Firewall

Article ID: CTX262007

Description

  • Traffic is sent from Zone A to Zone B.
  • Firewall Policy A is configured to ALLOW source 10.10.10.x to any destination, with the highest priority.
  • Another firewall policy (Policy B) is configured to DENY any source to any destination, with the lowest priority.
  • The traffic always hits the Deny rule (Policy B) instead of Policy A.
  • This can be confirmed under Monitoring --> Firewall --> Connections.

Resolution

  • Add an ALLOW rule at the top of the table that matches all traffic with "Match Established" selected, so that return traffic for connections permitted by the other rules is allowed, and leave "Match Established" unselected on Policy A so the packets that initiate the outbound connection match it. After this change the traffic worked as expected.
  • The Connections table then shows the connection with State Established.

Problem Cause

The issue is that "Match Established" is enabled on Policy A.

The Match Established option only matches the return packets of a connection that was already allowed by some other rule. It does not match the packets that initiate an outbound connection, so the first outbound packet from 10.10.10.x does not match Policy A and falls through to Policy B, which denies it.
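To make the first-match behaviour concrete, the following Python script is an added example, not part of the Citrix article and not SD-WAN code. It models a policy table in which a rule with Match Established matches only the reply packets of a connection that an earlier packet was already allowed to open, evaluates the broken table from the Description and the corrected table from the Resolution, and reports which rule each packet hits. The class and rule names and the sample addresses 10.10.10.5 and 192.0.2.10 are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model of a first-match policy table with a "Match Established"
# flag. Names, structure and addresses are assumptions for this example; they
# are not the SD-WAN implementation.


@dataclass(frozen=True)
class Packet:
    src: str  # source IP
    dst: str  # destination IP


@dataclass
class Rule:
    name: str
    action: str               # "ALLOW" or "DENY"
    src: str = "0.0.0.0/0"    # any source
    dst: str = "0.0.0.0/0"    # any destination
    match_established: bool = False

    def matches(self, pkt: Packet, established: bool) -> bool:
        # A Match Established rule never matches a connection-opening packet.
        if self.match_established and not established:
            return False
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst))


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)   # top of the table (highest priority) first
        self.connections = set()   # (src, dst) pairs an ALLOW rule has opened

    def _is_return(self, pkt: Packet) -> bool:
        # Return traffic is the reverse direction of an allowed connection.
        return (pkt.dst, pkt.src) in self.connections

    def process(self, pkt: Packet):
        """Evaluate top to bottom; return (rule name, action) of the first hit."""
        established = self._is_return(pkt)
        for rule in self.rules:
            if rule.matches(pkt, established):
                if rule.action == "ALLOW" and not established:
                    self.connections.add((pkt.src, pkt.dst))
                return rule.name, rule.action
        return "implicit", "DENY"


def broken_table() -> Firewall:
    # The configuration from the Description: Policy A carries Match Established.
    return Firewall([
        Rule("Policy A", "ALLOW", src="10.10.10.0/24", match_established=True),
        Rule("Policy B", "DENY"),
    ])


def fixed_table() -> Firewall:
    # The configuration from the Resolution: Match Established rule on top,
    # Policy A without the flag, catch-all deny at the bottom.
    return Firewall([
        Rule("Return traffic", "ALLOW", match_established=True),
        Rule("Policy A", "ALLOW", src="10.10.10.0/24"),
        Rule("Policy B", "DENY"),
    ])


OUTBOUND = Packet("10.10.10.5", "192.0.2.10")   # Zone A host opens a connection
RETURN = Packet("192.0.2.10", "10.10.10.5")     # reply for that connection


def run(fw: Firewall):
    """Send the outbound packet, then its reply; return both verdicts."""
    return fw.process(OUTBOUND), fw.process(RETURN)


if __name__ == "__main__":
    for label, fw in (("broken", broken_table()), ("fixed", fixed_table())):
        out, back = run(fw)
        print(f"{label}: outbound hit {out}, return hit {back}")
    # An unsolicited inbound packet must still be denied by the fixed table.
    print("fixed, unsolicited inbound:", fixed_table().process(RETURN))
```

With the broken table both packets land on Policy B, which is exactly what the Connections view showed; with the fixed table the outbound packet hits Policy A and the reply hits the Match Established rule, while an unsolicited inbound packet still falls through to Policy B, so the any/any rule at the top does not open the zone to new inbound connections.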