问题描述:
手机部分APP无法加载出数据,比如:什么值得买,bilibili等
切换会手机网络,就可以正常加载。
尝试过的方法:
1. 修改DNS(各种dns都试了,包括手机移动网的dns)
2. 重启网关
3. 重启ac、ap
以上方法都不行,网关和ac都没有做任何过滤包的策略;
组网及组网描述:
网络拓扑如下:
设备型号:
防火墙:SECPATH F100-C-G2
分别创建了vlan1和vlan40,对应的ip地址是:192.168.1.254和192.168.4.254
AC:MSG360-10
ip地址是:192.168.1.10
AP:WAP712C
S1-S3:S5024PV2
POE:S5024PV2-PWR
感觉问题像是出在防火墙上,因为尝试使用手机链接笔记本电脑的热点,也同样不行,这样好像排查了无线的可能性。
- 2020-05-21提问
- 举报
-
(0)
最佳答案
如果display interface dialer 1 看到Bandwidth: 64 kbps,你可以在interface dialer 1下增加配置 bandwidth 1000000,使能了带宽管理后会检测接口带宽。
- 2020-05-21回答
- 评论(1)
- 举报
-
(0)
您好,配置贴出来了。
看下防火墙的默认安全策略,尝试先全放行测试,如果不方便的话
尝试
t m
t d
debugging aspf packet
看看访问时阻止的内容
- 2020-05-21回答
- 评论(2)
- 举报
-
(0)
您好,防火墙配置贴出来了
您好,下面是根据手机的ip地址筛选出的一条日志:*May 21 13:43:49:017 2020 FW ASPF/7/PACKET: The first packet was dropped by ASPF for invalid status. Src-ZOne=Trust, Dst-ZOne=Untrust;If-In=Vlan-interface1(31), If-Out=Dialer1(32); Packet Info:Src-IP=192.168.1.53, Dst-IP=203.107.1.34, VPN-Instance=none,Src-Port=49232, Dst-Port=80. Protocol=TCP(6). Flag=FIN/ACK. Seq=2543224240.
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
display interface Dialer1以及系统视图输入probe回车后,再输入dis system internal traffic-policy drop-statistics看下
<FW>display interface Dialer 1 Dialer1 Current state: UP Line protocol state: UP Description: Dialer1 Interface Bandwidth: 64 kbps Maximum transmission unit: 1492 Hold timer: 10 seconds, retry times: 5 Internet address: 222.211.162.144/32 (PPP-negotiated) Link layer protocol: PPP LCP: initial Physical: Dialer, baudrate: 64000 bps Last clearing of counters: Never Last 300 seconds input rate: 513651 bytes/sec, 4109208 bits/sec, 690 packets/sec Last 300 seconds output rate: 39269 bytes/sec, 314152 bits/sec, 295 packets/sec Input: 21778765 packets, 15618759698 bytes, 0 drops Output: 10635289 packets, 3225419374 bytes, 0 drops -------- [FW-probe]display system internal traffic-policy drop-statistics Slot 1 : ******* AVC Statistics about dropped packets: ******** * upstream ChildRule Gua drop packets: < 0 > * upstream ChildRule Max drop packets: < 0 > * upstream ParentRule Max drop packets: < 0 > * upstream Out Fast drop packets: < 0 > * upstream Out Normal drop packets: < 0 > * upstream OutInter Gua drop packets: < 0 > * upstream OutInter Max drop packets: < 0 > * upstream PerUserOrIP Fast drop packets: < 0 > * upstream PerUserOrIP Normal drop packets: < 0 > * upstream Connect Limit drop packets: < 0 > * downstream ChildRule Gua drop packets: < 0 > * downstream ChildRule Max drop packets: < 0 > * downstream ParentRule Max drop packets: < 0 > * downstream Out Fast drop packets: < 0 > * downstream Out Normal drop packets: < 0 > * downstream OutInter Gua drop packets: < 0 > * downstream OutInter Max drop packets: < 0 > * downstream PerUserOrIP Fast drop packets: < 0 > * downstream PerUserOrIP Normal drop packets: < 0 > * downstream Connect Limit drop packets: < 0 > ---------------------------------------------------------- * upstream Priority 1 drop packets: < 0 > * upstream Priority 2 drop packets: < 0 > * upstream Priority 3 drop packets: < 0 > * upstream Priority 4 drop packets: < 0 > * upstream Priority 5 drop packets: < 0 > * upstream Priority 6 drop packets: < 0 > * upstream Priority 7 drop packets: < 0 > * downstream Priority 1 drop packets: < 0 > * downstream Priority 2 drop packets: < 0 > * downstream Priority 3 drop packets: < 0 > * downstream Priority 4 drop packets: < 0 > * downstream Priority 5 drop packets: < 0 > * downstream Priority 6 drop packets: < 0 > * downstream Priority 7 drop packets: < 0 > [FW-probe]
如果display interface dialer 1 看到Bandwidth: 64 kbps,你可以在interface dialer 1下增加配置 bandwidth 1000000,使能了带宽管理后会检测接口带宽。
加入了bandtidth也不行,bilibili还是加载不出来 [FW-Dialer1]dis th interface Dialer1 bandwidth 1000000
打400吧,现在没看出来有啥问题
谢谢了,最后400的工程师让vlan1的接口增加一个tcp mss 1400,就可以了。