mam bardzo podstawowa konfiguracje zone based firewall ale cos nie chce dzialac, kiedy proboje sie polaczyc z out to in co moze byc nie tak? nie wiem jak z in to out bo robie to zdalnie ale prawdopodobnie tez nie idzie
opisz może z jakimi adresami IP masz problem i w jaki sposób próbujesz się połączyć. konfiguracja wygląda na poprawną, poza tym, że nie pokazałes czy strefy przypisałeś do interfejsów. czy sh log pokazuje jakieś dropy?
Z każdym upadkiem nabieramy większego doświadczenia.......to nie upadek czyni nas przegranymi, lecz brak chęci do powstania....
To nieładnie z jego strony. Te tracebacki pojawiają się za każdym razem jak zakładasz ZBFW, czy to jakaś przypadkowa historia? Zasadniczo jak pojawiają się częściej, to chyba przyda się TAC. Ewentualnie wymiana softu na inny.
Oct 4 09:49:42: %FW-6-DROP_PKT: Dropping udp session 72.246.184.10:3478 10.28.20.2:65284 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:50:27: %FW-6-DROP_PKT: Dropping tcp session 69.63.189.70:80 10.28.3.111:51275 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:51:15: %FW-6-DROP_PKT: Dropping tcp session 66.220.158.75:443 10.28.56.13:53542 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:51:53: %FW-6-DROP_PKT: Dropping tcp session 66.220.158.75:443 10.28.56.13:39885 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
oecl#
Oct 4 09:52:25: %FW-6-DROP_PKT: Dropping icmp session 194.190.130.33:0 10.28.3.65:0 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:53:00: %FW-6-DROP_PKT: Dropping udp session 72.246.184.10:3478 10.28.20.2:65284 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:53:43: %FW-6-DROP_PKT: Dropping icmp session 81.148.239.30:0 10.28.58.3:0 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:54:40: %FW-6-DROP_PKT: Dropping udp session 72.246.184.10:3478 10.28.20.2:65284 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:55:29: %FW-6-DROP_PKT: Dropping udp session 72.246.184.10:3478 10.28.20.2:65284 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:56:10: %FW-6-DROP_PKT: Dropping icmp session 216.6.121.70:0 10.28.3.40:0 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:57:08: %FW-6-DROP_PKT: Dropping udp session 72.246.184.10:3478 10.28.20.2:65284 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:57:57: %FW-6-DROP_PKT: Dropping udp session 72.246.184.10:3478 10.28.20.2:65284 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:58:31: %FW-6-DROP_PKT: Dropping tcp session 199.30.80.32:80 10.28.3.59:49737 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:59:08: %FW-6-DROP_PKT: Dropping tcp session 199.30.80.32:80 10.28.3.59:49809 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 09:59:40: %FW-6-DROP_PKT: Dropping tcp session 199.30.80.32:80 10.28.3.59:49846 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
oecl#
Oct 4 10:00:26: %FW-6-DROP_PKT: Dropping udp session 72.246.184.10:3478 10.28.20.2:65284 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
oecl#
Oct 4 10:01:04: %FW-6-DROP_PKT: Dropping icmp session 90.194.245.167:0 10.28.3.40:0 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 10:01:34: %FW-6-DROP_PKT: Dropping tcp session 93.184.220.20:80 10.28.3.87:49919 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 10:02:05: %FW-6-DROP_PKT: Dropping udp session 72.246.184.10:3478 10.28.20.2:65284 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 10:02:47: %FW-6-DROP_PKT: Dropping tcp session 93.184.220.20:80 10.28.3.87:49919 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
Oct 4 10:03:33: %FW-6-DROP_PKT: Dropping tcp session 66.220.158.76:80 10.28.3.41:49846 on zone-pair out-to-in class class-default due to DROP action found in policy-map with ip ident 0
zastosowalem firewalla powyzszego zeszlej nocy, dzis rano regularnie (co minute) dostaje powyzsze wpisy, czy to normalne? narazie nie zauwazylem zeby mi cos blokowalo, ani nikt mi tego niczego zareportowal - albo moze to kwestia czasu.