What are the possible causes for not finding a matching access rule during policy lookup from an event?
A. An access rule matching the selected event might not be found in any of the following cases: –If no access rule is configured on the lower security interface in the “in” direction of the device for inbound traffic for the selected event. –If the access rule specified in the syslog is not available on the device. Make sure that the device is added to Security Manager and access rules are configured on it. –If the event is generated by outbound traffic setup/teardown syslog with an access rule configured on the higher security interface in the “in” direction. –The interface name logged in the syslog event might not match the interface name in that policy in Security Manager. (Interface names are not case-sensitive in Security Manager, but they are in CS-MARS. Further, syslog messages use lowercase for all interface names. To avoid this problem, use lower case for all interface names, and in the definition of interface roles, in CS-MARS.) –If a firewall device is added to Security Mana
Related Questions
- Why is the access rule table displayed after lookup in the read-only policy query window different from the one configured in Security Manager?
- I get an error stating that the access rule on the device is not synchronized with the one in Security Manager during policy lookup. Why?
- What are the possible causes for not finding a matching access rule during policy lookup from an event?
