Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 3 subscribers
  • Views 6704 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HA active/active, firewall rules stop working 8.202

beheerder1
We have some problems lately, some of our firewall rules stop working during the day, after a reboot of one of the astaro's or sometimes after like 4 hours they are suddenly working again.

Another question, what you see on the attachment (HA configured active-passive) both asg320 shows active. Is that correct?


I updated last week to 8.202, then above problem occurred, can i simple restore back to 8.103? (from automatic backup)


This thread was automatically locked due to age.
Parents
  • 0
    If i enable allow ANY  ANY (our top rule)
    (this is disabled by default offcourse [;)] )

    The ldap login that was not working does work then. (but that is not really secure)

    In the packetfilter log, nothing unusual is shown.
    Ill send you our backup,
  • 0 in reply to beheerder1
    One "dumb" idea:  are you using the HTTP Proxy, especially in Transparent Mode (profiles count too) ... seems I recall that the default allowed target services for Web Filtering (HTTP Proxy) included, by default, LDAP and / or LDAPS ... that could be your problem... I always prune all that stuff out on production systems.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to beheerder1
    One "dumb" idea:  are you using the HTTP Proxy, especially in Transparent Mode (profiles count too) ... seems I recall that the default allowed target services for Web Filtering (HTTP Proxy) included, by default, LDAP and / or LDAPS ... that could be your problem... I always prune all that stuff out on production systems.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Unfiltered HTML