Results 1 to 6 of 6
  1. #1
    Untangler
    Join Date
    Sep 2019
    Posts
    57

    Default Using a tag for bypass, once host is in bypass clearing the tag, host still bypassed

    Running Untangle: 16.5.0.20220125T104621.4a2ac8c1bf-1buster

    I think I found a bug, I have a rule for the bypass that if tag a host with "bypass" it bypasses the NG Firewall stack. When I cleared the tag the host continues to be bypassed. Here is a image of rule:

    bypass1.png

    The host isn't tagged:

    bypass2.png

    And the sessions are still showing bypassed:

    bypass3.png


    If I disable the bypass rule in the bypass rule list the host 192.168.10.166 goes back to normal processing. When I turn the rule back on the host is bypassed again. So from my perspective the NG Firewall still thinks the tag is on the host even though the UI shows the tag isn't set.

    I really wanted to use this for host testing where I can set the tag for a period of time and then have it auto revoked. Now that this host is struck in bypass how do I clear it?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    Since I don't know where the screen captures are from so I'm guessing. Always include the entire browser so we know where in the product the image is from. The bypass sessions don't go through the UVM so bypass sessions cannot be tagged.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Sep 2019
    Posts
    57

    Default

    Sorry about that. The first image is from Configuration / Network / Bypass:

    bypass4.png

    The second image is from the "Hosts" list where I have removed the Tag from the computer

    The third image is from reports /network/bypassed sessions:


    bypass5.png

    I don't think you understand the problem statement. I wrote the rule in Config / Network / Bypass to use the tag "bypass" to bypass the UVM stack.

    If I tag a host with bypass it was bypassing just fine. When the tag was removed from the the host, it never returned to being scanned by UVM. Now the host is always bypassing even though the tag is removed. This is a bug.

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    No worries. I did understand your scenario. Session tags are in Layer 7. A layer 7 (UVM) rule can mark the traffic as bypassed which is layer 3. Once in layer 3, UVM does not process traffic by design. Therefore there is no ability to tag it. It is a one way process using tags. Tags are not a networking protocol feature, tagging is a UVM method.

    You could create a policy with no apps to allow unfiltered traffic which can switch back to filtered. It is not the same as bypass since some traffic does not like the UVM processing.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Sep 2019
    Posts
    57

    Default

    Thanks for the suggestion. You may want to remove the tag option from the bypass rules page since there is this layer 7 vs. layer 3 duplicity.

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    That is an issue on all rule making screens we are looking to fix in the next GUI upgrade. We use the same rule making screen on all apps and pages which may not have the ability to control. I see the confusion it can create.
    RonV42 likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2