Firewall rules bug after configuration restore?
-
after a config restore from AutoConfigBackup the firewall rules seems to "forget" the alias assignment. meaning, the aliases are all listed as expected, the rules show aliases as well, however, the firewall is actually blocking the traffic that the rule(s) were supposed to allow. in order to fix this, I had to delete the hostname from the alias, save, apply, then add the hostname back to the alias, save, apply. the rule then works as before.
this is very confusing, as everything looks OK in the GUI: the firewall PASS rule shows the correct alias, the alias contains the correct hostnames etc, yet, the traffic is being blocked.
is this a known bug related to how autoconfigbackup restore works? i haven't been able to find it.
now that I know how it "works", it's not a problem anymore, however, I just wanted to report it so it perhaps helps others who struggle with the same.
-
I have not seen that happen before, but it sounds like the firewall just had not resolved the contents of the alias yet. It takes about 5 minutes between checks for alias hostnames, but you can lower that value at System > Advanced, Firewall & NAT tab, Aliases Hostnames Resolve Interval
-
thx, @jimp
i tried waiting for hours, even days. i found about this by making config changes on friday, then just checked the fw rules are in place, but didn't actually test. then, on monday, users complained about network apps not working. turned out it started to work once I removed the hostname from the alias, saved/applied, and then added the same value back again.
