I have a lot of legitimate outbound traffic intermittently being denied by WatchGuard's "Internal Policy." Today I tried to go to Splunk's homepage and my traffic was denied by my watchguard XTM 22 with Pro upgrade.
What is the "Internal Policy" and what can I do to control it?
Example of Traffic being blocked
Type Date Action Source IP Port Interface Destination IP Port Policy
Traffic 2011-09-21T18:24:43 Deny 10.0.0.90 49627 3-Primary LAN 64.127.105.40 80 Firebox Internal Policy http/tcp
Top three firewall policies:
Best Answer
The first firewall policy is "Deny any traffic from 10.0.0.90", so that's what it's doing (your source IP is 10.0.0.90 in the deny message).
Policies are applied from top to bottom, and denies before allows, so that policy matches, denies the traffic, and no more are looked at.
What can you do about it? Change the policies.