Hi,
After migrating one of my offices from Juniper WLAN to a new Aruba WLAN (conroller based), an issue was reported by one of our users not eing able to connect to a cusomter service.
When investigating this, I noticed that this particular traffic was marked with a 'D' looking at the show datapath session table.
So his particular traffic is being denied.
Below the specific output if the datapath:
1.1.1.1 2.2.2.2 6 8290 8292 0/0 0 0 0 tunnel 3770 5 1 52 FDYC
1.1.1.1 3.3.3.3 6 8283 8292 0/0 0 0 0 tunnel 3770 5 0 0 FDYC
The denying of this traffic raises some questions:
- why is this traffic being denied (security risk?)
- why can't i locate the deny rule in the statefull firewall
- what is exactly denied; source or destination (I'm assuming the latter)
To solve this I want to allow this traffic but instead of adding an allow rule, I want to change the current deny rule into allow which circles back to my second question.
Thanks for he help!