Firewall rules based on User Group Networks not working after upgrading to 9.501-5

Our system has one firewall rule that allows a group to access any services on the internet. The group is correctly configured with my user. This rule is not working since upgrading to 9.501-5 last Friday.

If I add individual users in the firewall rule, I can successfully access all services.

I've already tried creating another group and adding it to the rule but it didn't work. I've tried with other users in the group as well. 

We use the authentication agent on the clients to log in. Other rules based on the groups are working (e.g. on the web filter).

I've attached some screens of the admin panel.

 



  • Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post one line corresponding to those above, and explain where the target IP is and what it is.

    Please explain what you do to get the "(User Network)" object to be populated with an IP - are they logging in to a VPN?

    Cheers - Bob

  • Sorry about the repeated answers. I've been investigating and found out that the ipset relating to the group isn't being filled. Running "ipset list" on the shell:

    Name: 4_NetAaaTiUserGroup
    Type: hash:ip
    Revision: 0
    Header: family inet hashsize 4 maxelem 65536
    Size in memory: 104
    References: 1
    Members:
    [no members listed here]

    Tried creating new groups again and adding them to the firewall rule. The group appears on the ipset listing but without members.
