Topic: New Zenarmor Release does weird things (Read 919 times)
Mbl
Jr. Member
Posts: 78
Karma: 6
New Zenarmor Release does weird things
« on: August 16, 2023, 01:22:37 am »
I have igb0 with different VLANs:
- 110 MGMT_VLAN --> very restricted
- 150 CLIENT_VLAN
MGMT_VLAN has a dedicated policy listening on VLAN 110.
CLIENT_VLAN is covered with the default policy.
As you can see from the live session explorer print screen, hosts connected to VLAN 150 are somehow covered by policy MGMT_VLAN. As things are still somehow working according to the default policy for those hosts in VLAN 150, I assume this is only a logging / display issue. But still, it leaves an uneasy feeling...
lawful_milieu
Newbie
Posts: 7
Karma: 0
Re: New Zenarmor Release does weird things
« Reply #1 on: August 16, 2023, 02:39:54 am »
+1
I am noticing the same thing after upgrading to ZenArmor Engine 1.14.2 on OPNsense 23.7.1_3-amd64.
I expect some devices to inherit the default policy and they are getting the policy which is assigned to a separate VLAN tag and IPv4 subnet.
I tried limiting the policies to the IPv4 subnet used on the VLAN as I was previously just using the VLAN tag - this did not change the behavior.
One thing I've noticed is the order in which the policies are listed (/ui/zenarmor/#/0/policies - drag and drop) seems to affect which (wrong) policy is applied.