09-19-2018 02:40 AM - edited 02-21-2020 08:15 AM
Hi Group,
any idea how this could happen in a zone-based firewall:
sh policy-map type inspect zone-pair sessions
 Zone-pair: Guest->Internet
  Service-policy inspect : Guest_to_Internet
    Class-map: Guest_Protocols (match-any)
      Match: protocol http
      Match: protocol https
      Match: protocol dns
      Match: protocol bootpc
      Match: protocol bootps
      Match: access-group name permitany
      Pass
        0 packets, 0 bytes
    Class-map: class-default (match-any)
      Match: any
      Pass
        2242890 packets, 1858326904 bytes
As you can see I get no matches on the first part of my policy map (Class-map: Guest_Protocols) although the users in the "Guest" zone are able to surf...
Any ideas how I could troubleshoot this?
Thanks in advance for your suggestions.
09-19-2018 04:01 AM
09-19-2018 04:22 AM - edited 09-20-2018 12:22 AM
Hi Mohammed,
thank you for your quick reply.
It seems that the show policy-firewall sessions platform remains empty.
So the command that you are asking is obviously also empty.
But that is probably because the packets are not matching on inspect rules.
The second command gives a very long output; I'm adding it in attachment.
thx
09-19-2018 09:46 AM
09-20-2018 12:23 AM
Sorry, it is OK now; I have added it to the original message.
regards
10-02-2018 02:50 AM