Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Firewall problems with authenticated "allow" users to DMZ zone.

  • 1.  Firewall problems with authenticated "allow" users to DMZ zone.

    Posted Oct 23, 2013 08:36 AM

    Hi, we have problems with the firewall on our 3200 Controller.
    We have a few Macs on our network and they have problems reaching web servers in our DMZ zone.
    Windows clients are working fine.
    Auth is PEAP.

    Tried with firmware 6.1.3 and 6.3.1.

    Same issue..

    The user receives the authenticated role with allow all, but firewall on controller still says deny.

    Anyone had this problem?

     


    #3200


  • 2.  RE: Firewall problems with authenticated "allow" users to DMZ zone.

    EMPLOYEE
    Posted Oct 23, 2013 08:50 AM

    Someone may have edited the authenticated role?! You may also have a firewall policy set on the port/VLAN on the controller.  Can you paste your show run here?



  • 3.  RE: Firewall problems with authenticated "allow" users to DMZ zone.

    Posted Oct 23, 2013 09:10 AM
    Attachment: rbuparuba01.txt (26 KB)


  • 4.  RE: Firewall problems with authenticated "allow" users to DMZ zone.

    Posted Oct 23, 2013 09:11 AM

    The policy set is untouched.

    It contains the two default allow rules..

     

    Vegard



  • 5.  RE: Firewall problems with authenticated "allow" users to DMZ zone.

    Posted Oct 23, 2013 09:15 AM

     

    Even though you shouldn't have to do this, have you tried explicitly allowing any alias <that host> any permit and placing it on top of the list?



  • 6.  RE: Firewall problems with authenticated "allow" users to DMZ zone.

    Posted Oct 23, 2013 09:21 AM

    No, I haven't tried that.

    The weird thing is that sometimes it works.

    Sometimes the log says allow, sometimes deny..

     

    Vegard



  • 7.  RE: Firewall problems with authenticated "allow" users to DMZ zone.

    Posted Oct 23, 2013 09:52 AM

     

    You should probably open a ticket.

     

    Another thing you could try is creating a new role called "authenticated-test" and adding an allow all rule to that one, unless you are sending the "authenticated" role from RADIUS.



  • 8.  RE: Firewall problems with authenticated "allow" users to DMZ zone.
    Best Answer

    Posted Oct 24, 2013 02:53 AM

    Hi, we found the problem yesterday with support.

    The IP addresses in the DMZ showed up in the user-table.

    Why it did, I do not know.

     

    We then created a session for that host.

    host 195.204.76.229 any any deny position 6

     

    That seems to have solved the problem. :)

     

    Thank you Support.. :)

     

    Vegard