Troubleshooting a firewall rule

stevenmedeiros — Mon, 11 Mar 2019 20:07:29 GMT

I have an FWSM 4.0(7).

I'm creating firewall policies within Cisco Security Manager.

I created a simple policy that from a couple of hosts (10.127.154.8 & 9) to communicate to some other hosts that live on a different vlan(10.127.76.31 &32) and made a reciprocal policy for the other direction. The point of these policies is to allow port tcp/50636 in both directions.

I put this rule at the top of the ruleset to make sure there are no other rules above it that would negate the rule above.

Yes, I also saved it and "Submitted and deployed" this to the appropriate FWSM

However, In the syslog, I see that port tcp/50636 is still being denied. See attached screenshot

I have also confirmed that this policy is in the config of the FWSM itself.

I have confimred that there is nothing on the host blocking (antivirus, windows firewall) this port

I have seen this type of scenario a couple times before in the past, where I create a policy, it doesn't work right away - then it mysteriously works one day.

I'm wondering if there is abug in this software version for this type of activity? Any comments on what I could try to get the policy working?

Thanks!

Re: Troubleshooting a firewall rule

Jennifer Halim — Wed, 16 Mar 2011 02:20:55 GMT

You might want to check if you have hit the hard limit on the ACL configured on the FWSM.

Is this multiple context or single context mode?

topic Troubleshooting a firewall rule in Network Security

Troubleshooting a firewall rule

Re: Troubleshooting a firewall rule