Policies don't match Source IP

Georges · November 25, 2020, 04:08:28 PM

Hello,

I'm on sensei 1.6.X Premium Edition and i have create a new Policies where i have enter the IP address of my laptop and block for exemple Porno**** And when i try to access it... it's work...
It's only block when the block section is in the Default Policies

Why ?

Thank you in advance :)

sy · November 25, 2020, 05:24:32 PM

Hi Georges,

When you activated the custom policy, does your IP match the correct policy? Can you check it from Reports - Connections - Live Session Explorer - Policy Column?

Georges · November 25, 2020, 10:07:39 PM

Default :(...

I try with both ip and ip/32 but nothing.... :(

sy · November 26, 2020, 06:14:15 PM

Hi Georges,

The policy works and...and. I see that you added a group as well. Your policy matches on LAN interface, in the system group, and the IPs that you added. If one of them is missing, it doesn't apply any item in the policy. So the IP addresses belong to the system group users?

Georges · November 26, 2020, 07:50:49 PM

Ohhh ok i get it.

I remove the system group and user and it's work.

I do not know where is configure system group or user. Sensei conf or Opnsense?

sy · November 27, 2020, 06:04:52 PM

Hi Georges,

Sensei can apply policies for Captive portal and Microsoft AD users and groups. Or, The OPNsense aliases (Firewall - Aliases) use for reporting as top local hosts or kind of local IP reports but not for policy.

Policies don't match Source IP

Georges

November 25, 2020, 04:08:28 PM

sy

November 25, 2020, 05:24:32 PM #1

Georges

November 25, 2020, 10:07:39 PM #2

sy

November 26, 2020, 06:14:15 PM #3

Georges

November 26, 2020, 07:50:49 PM #4

sy

November 27, 2020, 06:04:52 PM #5