Some times the appliance is changing the firewall policy of some users to custom, i want to know why and where can i see the log of this actions.
Solved! Go to solution.
HA !
So that is exactly what I was referencing in my first response lol
So basically that group policy you have on the access control settings for that SSID is going to have false positives as you've clearly seen.
I have to deal with this myself, where it thinks that a MacBook Pro is an iPhone and it blocks it. I probably get a client a day for this type of thing.
Two solutions:
1. remove that feature
2. use EAP-TLS with certificate/machine based authentication and then remove that feature
This can happen if you have applied a policy against two different connections types (such as MR and MX). You then end up with "custom" showing, or it changing depending on how the user is connected.
When you are viewing the user, there is a little "something" (can't quite remember what it is) to expand by the "custom" showing how the policy is applying by connection type.
Could be i just find some duplicates rules in the traffic shaping for the MX and the MR's, so i disabled the MR rules to see if this solve the issue, Thanks
Sorry guys but no luck, today i just have other 3 users with the same issue and there is not record in the changes log so is not other admin doing this.
So when it change to custom in the title but as restrictions is similar to blocked, all access to internet and internal network is block, the most strange thing is i don't have a custom policy like that
So when it changes to custom, drop down the menu to see what exactly it changes to.
I'm assuming the option in red below is selected and it chooses something?
well i know that is redundant but is how the users want it :s
HA !
So that is exactly what I was referencing in my first response lol
So basically that group policy you have on the access control settings for that SSID is going to have false positives as you've clearly seen.
I have to deal with this myself, where it thinks that a MacBook Pro is an iPhone and it blocks it. I probably get a client a day for this type of thing.
Two solutions:
1. remove that feature
2. use EAP-TLS with certificate/machine based authentication and then remove that feature
what a pain in the ass, thanks any way i will try with the EAP- TLS