[IAG] A possibility that access control policy denial may not take effect
Problem Description
Rejection of Sunflower and Todesk is not effective. The rule base is the latest version.
Warning Information
None
Effective troubleshooting steps
- Check that the user is online normally and matches the access control policy
- The user has not added the global exclusion address and the rule base is the latest version
- The fault monitoring center did not find any policy anomalies. Through connection monitoring combined with NetworkMonitor, it was confirmed that the address of Sunflower was identified as a custom application.
Root cause
Check if the range of custom application settings does not include all IP addresses, which may cause Sunflower to not be recognized normally and the policy to not take effect.
solution
Adjust the custom application settings so that sunflowers can be recognized normally
Operation Impact Scope
None
Is this a temporary solution?
No
Suggestions and Conclusion
None
Troubleshooting content
None
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=24433&isOpen=true