Group, any idea how this could happen in a zone-based firewall:
sh policy-map type inspect zone-pair sessions
  Service-policy inspect : Guest_to_Internet
    Class-map: Guest_Protocols (match-any)
      Match: protocol http
      Match: protocol https
      Match: protocol dns
      Match: protocol bootpc
      Match: protocol bootps
      Match: access-group name permitany
      0 packets, 0 bytes
    Class-map: class-default (match-any)
      2242890 packets, 1858326904 bytes
As you can see, I get no matches on the first part of my policy map (Class-map: Guest_Protocols), although the users in the "Guest" zone are able to surf...
Any ideas how I could troubleshoot this?
Thanks in advance for your suggestions.
Thank you for your quick reply.
It seems that the show policy-firewall sessions platform remains empty.
So the command that you are asking for is obviously also empty.
But that is probably because the packets are not matching on inspect rules.
The second command gives a very long output; I'm adding it in attachment.