DPI filters not being obeyed
I have created 2 DPI Application Filter for my business network and from my tests I see that rules are not correctly followed.
DPI configuration:
First here is my DPI configuration. You can see all my VLANS area assined to 2 Application Filters.
The blocking filter: Personel_Filter
This is the default filter set for most VLANs on my network that filters the most of the stuff that doesn't belong company network and allows a related apps in Allowed_Class1, Allowed_Class2 and Allowed_Class3 rules etc.
The unrestricted filter: Yonetici_Filter
This filter only uses Allowed_Unrestricted_Class1 rule that allows all app traffic to pass through.
As you can see it flags all 2386 apps to QoS Class 1 which should allow the traffic.
My pc is set to VLAN that is assigned to the unrestricted filter: Yonetici_Filter
The problem
So basically I expect:
- All the PC and devices in other VLANs to get traffic blocked for apps like battlenet, steam, dropbox and discord.
- My PC that sits in specific VLAN (yonetici) with the unrestricted DPI filter (Yonetici_Filter) assigned should allow these apps.
In my tests though, I can see my own PCs traffic for apps like battlenet, steam, dropbox and discord is blocked.
When I click the details of the blocked apps, I can see my own PC is listed in details:
From my understanding rules from the restricting profile (Personel_Filter) is affecting my PC even though it should only be evaluated using Yonetici_Filter. Either I'm misconfiguring something here or there is a bug.
Any ideas?
@Vincent-TP your help is welcome :)
Hi there,
My pc vlan is actually correct, let me resend the screenshots:
First I renamed the VLAN's for you better to understand it:
this is the unrestricted VLAN (old name was yonetici)
and my PC is belongs to this VLAN
in DPI settings Unrestricted_Filter (old name was Yonetici_Filter) is assigned to unrestricted VLAN.
Unrestricted_Filter contains this rule:
And Allowed_Unrestricted_Class1 enables traffic for apps like Battlenet, Steam, Discord, Dropbox etc (and all available defined apps):
With this configuration I expect Battlenet to work on my PC but it doesn't.
I further think that my PC in vlan unrestricted instead getting Full_Restriction_Filter applied (in first post it's name is Personal_Filter).
I can check this with this steps:
Every VLAN expect unrestricted VLAN is assigned with Full_Restriction_Filter
Full_Restriction_Filter contains all the blocking rules
The battlenet and steam is contained in Blocked_AppStore.
In this state Battlenet and Steam is blocked in my unrestricted vlan member pc (my own pc).
Once I remove the battlenet and steam from Full_Restriction_Filter's Blocked_AppStore rule, battlenet and steam starts to work on this PC.
So in summary:
My own pc is set to unrestricted VLAN (100) and unrestricted VLAN uses Unrestricted_Filter. But my PCs apps are getting blocked by the Full_Restriction_Filter which should not be applied to my pc.
I suspect this should be related to that I have defined per-category rules:
I've a total of 29 per-category rules:
I think having this number of rules may be effecting my network?
Another test that pins the issue - incorrect rules are applied
I changed default vlan rule to Unrestricted_Filter and battlenet and steam starts working on my pc again.
So from my understanding for my PC that sits in unrestricted vlan (100), the default VLAN (1) DPI rules are applied incorrectly.
