OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: Georges on November 25, 2020, 04:08:28 pm

Title: Policies don't match Source IP
Post by: Georges on November 25, 2020, 04:08:28 pm

Hello,

I'm on sensei 1.6.X Premium Edition and i have create a new Policies where i have enter the IP address of my laptop and block for exemple Porno**** And when i try to access it... it's work...
It's only block when the block section is in the Default Policies

Why ?

Thank you in advance :)

Title: Re: Policies don't match Source IP
Post by: sy on November 25, 2020, 05:24:32 pm

Hi Georges,

When you activated the custom policy, does your IP match the correct policy? Can you check it from Reports - Connections - Live Session Explorer - Policy Column?

Title: Re: Policies don't match Source IP
Post by: Georges on November 25, 2020, 10:07:39 pm

Default :(...

I try with both ip and ip/32  but nothing....  :(

Title: Re: Policies don't match Source IP
Post by: sy on November 26, 2020, 06:14:15 pm

Hi Georges,

The policy works and...and. I see that you added a group as well. Your policy matches on LAN interface, in the system group, and the IPs that you added. If one of them is missing, it doesn't apply any item in the policy. So the IP addresses belong to the system group users?

 

Title: Re: Policies don't match Source IP
Post by: Georges on November 26, 2020, 07:50:49 pm

Ohhh ok i get it.

I remove the system group and user and it's work.

I do not know where is configure system group or user. Sensei conf or Opnsense?

Title: Re: Policies don't match Source IP
Post by: sy on November 27, 2020, 06:04:52 pm

Hi Georges,

Sensei can apply policies for Captive portal and Microsoft AD users and groups. Or, The OPNsense aliases (Firewall - Aliases) use for reporting as top local hosts or kind of local IP reports but not for policy.