
Firewall problems with authenticated "allow" users to DMZ zone.

Hi, we have problems with the firewall on our 3200 Controller.
We have a few Macs on our network and they have problems reaching web servers in our DMZ zone.
Windows clients are working fine.
Auth is PEAP.

 

Tried with firmware 6.1.3 and 6.3.1.

Same issue..

The user receives the authenticated role with allow all, but the firewall on the controller still says deny.

Anyone had this problem?

 

Re: Firewall problems with authenticated "allow" users to DMZ zone.

Someone may have edited the authenticated role?! You may also have a firewall policy set on the port/VLAN on the controller.  Can you paste your show run here?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos

Re: Firewall problems with authenticated "allow" users to DMZ zone.

The policy set is untouched.

It contains the two default allow rules..

 

Vegard

Re: Firewall problems with authenticated "allow" users to DMZ zone.

 

Even though you shouldn't have to do this, have you tried explicitly allowing "any alias <that host> any permit" and placing it at the top of the list?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Firewall problems with authenticated "allow" users to DMZ zone.

No, I haven't tried that.

The weird thing is that sometimes it works.

Sometimes the log says allow, sometimes deny..

 

Vegard

Re: Firewall problems with authenticated "allow" users to DMZ zone.

 

You should probably open a ticket.

 

Another thing you could try is creating a new role called "authenticated-test" and adding an allow all rule to that one, unless you are sending the "authenticated" role from RADIUS.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Firewall problems with authenticated "allow" users to DMZ zone.

Hi, we found the problem yesterday with support.

The IP addresses in the DMZ showed up in the user-table.

Why they did, I do not know.

 

We then created a session for that host.

host 195.204.76.229 any any deny position 6

 

That seems to have solved the problem. :)

 

Thank you Support.. :)

 

Vegard
