Using a tag for bypass, once host is in bypass clearing the tag, host still bypassed

[RonV42]

Running Untangle: 16.5.0.20220125T104621.4a2ac8c1bf-1buster

I think I found a bug, I have a rule for the bypass that if tag a host with "bypass" it bypasses the NG Firewall stack. When I cleared the tag the host continues to be bypassed. Here is a image of rule:

bypass1.png

The host isn't tagged:

bypass2.png

And the sessions are still showing bypassed:

bypass3.png


If I disable the bypass rule in the bypass rule list the host 192.168.10.166 goes back to normal processing. When I turn the rule back on the host is bypassed again. So from my perspective the NG Firewall still thinks the tag is on the host even though the UI shows the tag isn't set.

I really wanted to use this for host testing where I can set the tag for a period of time and then have it auto revoked. Now that this host is struck in bypass how do I clear it?

[jcoffin]

Since I don't know where the screen captures are from so I'm guessing. Always include the entire browser so we know where in the product the image is from. The bypass sessions don't go through the UVM so bypass sessions cannot be tagged.

[RonV42]

Sorry about that. The first image is from Configuration / Network / Bypass:

bypass4.png

The second image is from the "Hosts" list where I have removed the Tag from the computer

The third image is from reports /network/bypassed sessions:


bypass5.png

I don't think you understand the problem statement. I wrote the rule in Config / Network / Bypass to use the tag "bypass" to bypass the UVM stack.

If I tag a host with bypass it was bypassing just fine. When the tag was removed from the the host, it never returned to being scanned by UVM. Now the host is always bypassing even though the tag is removed. This is a bug.

[jcoffin]

No worries. I did understand your scenario. Session tags are in Layer 7. A layer 7 (UVM) rule can mark the traffic as bypassed which is layer 3. Once in layer 3, UVM does not process traffic by design. Therefore there is no ability to tag it. It is a one way process using tags. Tags are not a networking protocol feature, tagging is a UVM method.

You could create a policy with no apps to allow unfiltered traffic which can switch back to filtered. It is not the same as bypass since some traffic does not like the UVM processing.

[RonV42]

Thanks for the suggestion. You may want to remove the tag option from the bypass rules page since there is this layer 7 vs. layer 3 duplicity.

[jcoffin]

That is an issue on all rule making screens we are looking to fix in the next GUI upgrade. We use the same rule making screen on all apps and pages which may not have the ability to control. I see the confusion it can create.