I have a pair of clustered 7220s running 8.10. I have a role for authenticated users. But users in this role are having port 443 traffic denied to a specific website.
show datapath session table shows:
Source IP or MAC Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags CPU ID
----------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- ---------- ---------- --------------- -------
10.10.32.104 10.80.0.4 6 12079 443 0/0 0 0 0 tunnel 2994 5 2 104 FDYC 27
10.10.32.104 10.80.0.4 6 12078 443 0/0 0 0 0 tunnel 2994 5 2 104 FDYC 27
show rights includes allowall which should allow the traffic, correct?
allowall
--------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Denylist Mirror DisScan IPv4/6 Contract Mark Description
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- -------- ------ ------- ------ -------- ---- -----------
1 any any any permit Low 4
2 any any any-v6 permit Low 6
So how can I figure out what policy is causing the D?
------------------------------
-Bill
------------------------------