TZ400 - App Rules - new fw 6.5.4.9-92n
Anyone else experiencing some funkiness with app rules that were previously working since updating to the new build 6.5.4.9-92n ?
Suddenly a host that was previously able to use VNC via an app rule exception ( and their backward exception logic ) is only getting some two-way communication to the target before IDP intercepts and kills the connection. Packet monitor shows the connection is reset as below:
-------------------------------------------
DROPPED, Drop Code: 131(IDP detection DROP_IP_IDP_RESET_CONNECTION), Module Id: 25(network), (Ref.Id: _7476_uyHtJcpfngKrRmv) 2:2)
Best Answer
-
BartMan Newbie ✭
This one was my fault entirely.
Apparently the VNC flavor I was using was also using SOCKS, and app filter was blocking the socks component and I had to make a separate allow for SOCKS.
Had to monitor the event viewer to realize that. Duh.
0