Policy Rule Monitoring

  • Question
  • Updated 2 years ago
  • Answered
Hi,

Do you know if there is a way of monitoring traffic being denied or approved for a given policy for a given port?

I think I remember seeing the ability to superimpose policy rules on a Wireshark trace, which might be the only means of doing it?

The point is that in the creation of a policy role that denies all traffic, it would be really handy to simply build on the rules of traffic that you may be seeing being denied but actually want to allow through, or vice versa. You can, with all the best intentions, create a role and rules that you think would do the job, but there is always going to be something that could slip the net, which this would be invaluable for.

Many thanks in advance.

Martin Flammia

Posted 2 years ago

Mike Thomas, Employee - GTAC - NMS

Martin, what product are you using? This affects the ability to show some of this information.

Martin Flammia

Sorry, should have said. It's for EXOS, track 21 firmware, on any policy capable hardware but x450-G2 in particular.

Thanks.

Martin Flammia

Just bumping this one question as could really do with knowing how this is accomplished.

Many thanks.

Tom Currier, Employee

Martin, rule accounting is the feature that you're looking for that provides rule hit information, but it's not currently supported on XoS based hardware. You have identified a possible solution already by utilizing the Wireshark capabilities for a role and its associated rules. You can run either live traffic or a captured trace through the Role's Wireshark function and this will identify how traffic will be handled.

This KCS describes the process: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-determine-which-Policy-Manager-serv...

Martin Flammia

Great, thanks Tom!

Don't suppose you know when rule accounting will be available for XOS, just in case I can expect it anytime soon?

Cheers.

Tom Currier, Employee

Martin, there are no plans to support Policy Rule Accounting to XoS. It's only supported on the S/K/N series products.