Very strange issue, this morning the Guest network could not reach Google.com or any of it's owned services (like YouTube). However, we can browse to many other websites, both 443 and 80 with no issues. I plugged into the switch the controller connects to, and can get to Google no problem in Guest VLAN, so I know it's the controller. I did a "show datapath session table" for my client IP and when I browse to google.com, I get a ton of denies. Our ACLs specifically allow HTTP/HTTPS for any location. We do have a deny statement above, but it blocks access to our 10.0.0.0/8 network, while Google is responding with 172.217.x.x. Image attached.
Any ideas how I can unblock this traffic? I've tried an Allow-All ACL at the top of my user-role, but still blocked.
Thanks.