[ES] Deploying micro-segmentation policies makes iptables ineffective
Problem Description
The customer reports that the iptables rules on the Linux server keep becoming ineffective, but that they work normally once ES is disabled.
Effective Troubleshooting Steps
Confirm that the customer has configured a micro-segmentation policy, that it is a policy from IP group to IP group, and that the source IP group includes the IP of the affected server's network card.


Root Cause
When ES deploys micro-segmentation policies to a Linux host, it clears the host's iptables rules and replaces them with the policies deployed by ES, so the original iptables rules no longer take effect.
Solution
Configure the required interception policies in ES and deploy them from there, instead of relying on local iptables rules.
Suggestions and Summary
When iptables on Linux is cleared or the Windows firewall is disabled, check the following:
- Whether port blocking is enabled for the corresponding terminal.
- Whether brute-force attack protection (blacklist blocking) is enabled for the corresponding terminal.
- Whether a host isolation policy has been deployed to the corresponding terminal.
- Whether the corresponding terminal has been added to a micro-segmentation business system.
- Whether the IP group to IP group policy in the micro-segmentation configuration includes the IP of the corresponding terminal's network card.
If any of the above needs to be adjusted, restart the agent program afterwards to restore the original rules.
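To notice this kind of rule replacement quickly rather than after a customer complaint, compare a saved baseline of the host's iptables rules against the current rule set. The following shell script is an added example, not part of the original case or of the ES product; both rule dumps are constructed samples in iptables-save format (a baseline taken before policy deployment, and a trimmed-down rule set of the kind left behind after the agent replaces it), and the function names normalise, missing_rules and rules_intact are this example's own.

```shell
#!/bin/sh
# Constructed sample: iptables-save output captured as a baseline before ES policies were deployed.
BASELINE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT'

# Constructed sample: a rule set of the kind seen after the agent cleared and rewrote iptables.
CURRENT='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

# Normalise a dump: keep chain policies (":CHAIN POLICY", counters stripped) and
# rule lines ("-A ..."), sorted with a fixed locale so two dumps compare line by line.
normalise() {
    printf '%s\n' "$1" \
        | sed -n -e 's/^\(:[A-Za-z0-9_-]* [A-Z-]*\) \[.*\]$/\1/p' -e '/^-A /p' \
        | LC_ALL=C sort
}

# Print every baseline line (policy or rule) that is absent from the current rule set.
missing_rules() {
    base=$(normalise "$1")
    cur=$(normalise "$2")
    printf '%s\n' "$base" | while IFS= read -r line; do
        printf '%s\n' "$cur" | grep -qxF -- "$line" || printf '%s\n' "$line"
    done
}

# Succeed (exit 0) only when nothing from the baseline is missing.
rules_intact() {
    [ -z "$(missing_rules "$1" "$2")" ]
}

# Stand-alone run against the constructed samples.
if rules_intact "$BASELINE" "$CURRENT"; then
    echo "baseline rules intact"
else
    echo "baseline entries missing from the current iptables rule set:"
    missing_rules "$BASELINE" "$CURRENT"
fi
```

On a real host, capture the baseline with `iptables-save > baseline.rules` before the ES policy is deployed and feed `iptables-save` output as the second argument (for example from a cron job), so that a cleared INPUT policy or a missing SSH allow rule is reported as soon as it happens rather than when a service becomes unreachable.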
Original Link
https://support.sangfor.com.cn/cases/list?product_id=16&type=1&category_id=2627&isOpen=true