Troubleshoot system-generated Azure Firewall messages
If you see error messages on the Illumio Segmentation for the Cloud Events page System Events tab related to Azure Firewalls, you may need to adjust settings according to the table.
List of system-generated Azure Firewall messages
Use the following table to assist you with troubleshooting system-generated error messages.
Message | Cause | Resolution |
|---|---|---|
Enforcement for <azure-firewall-csp id> failed | Error sent from Azure Cloud when Illumio Segmentation for the Cloud tries to enforce rules | Examine the 'details' field to see the error that Azure returned. 1. RESPONSE Not Found - This error means that either a resource group or firewall policy has been deleted, so Illumio Segmentation for the Cloud fails to enforce rules. No action is required. 2. RESPONSE Forbidden - This error means that Illumio Segmentation for the Cloud lacks permissions to update the Azure Firewall Policy rules. Check your permissions in the Azure portal to make sure that Illumio Segmentation for the Cloud has write permissions in addition to read permissions. |
CloudSecure authored rule <rule-id> from <azure-firewall-csp id> was modified. Correct rule will be enforced again. | An administrator might have updated a rule enforced by Illumio Segmentation for the Cloud | Ignore the message if changes were made by mistake. This is because Illumio Segmentation for the Cloud automatically fixes the policy. See Tamper Protection. If changes were intended, then review and change the policy in Illumio Segmentation for the Cloud. |
CloudSecure authored rule <rule-id> from <azure-firewall-csp id> was removed. Correct rule will be enforced again. | An administrator might have deleted a rule enforced by Illumio Segmentation for the Cloud | Ignore the message if changes were made by mistake. This is because Illumio Segmentation for the Cloud automatically fixes the policy. See Tamper Protection. If changes were intended, then review and change the policy in Illumio Segmentation for the Cloud. |
CloudSecure authored Rule Collection Group <rcg-id> from <azure-firewall-csp id> was modified. Correct rule collection group will be enforced again. | An administrator might have modified a Rule Collection Group created by Illumio Segmentation for the Cloud | Ignore the message if changes were made by mistake. This is because Illumio Segmentation for the Cloud automatically fixes the policy. See Tamper Protection. If changes were intended, then review and change the policy in Illumio Segmentation for the Cloud. |
CloudSecure authored Rule Collection Group <rcg-id> from <azure-firewall-csp id> was removed. Correct rule collection group will be enforced again. | An administrator might have deleted a Rule Collection Group created byIllumio Segmentation for the Cloud | Ignore the message if changes were made by mistake. This is because Illumio Segmentation for the Cloud automatically fixes the policy. See Tamper Protection. If changes were intended, then review and change the policy in Illumio Segmentation for the Cloud. |
CloudSecure authored Rule Collection <rcg-id> from <azure-firewall-csp id> was modified. Correct rule collection will be enforced again. | An administrator might have modified a Rule Collection created by Illumio Segmentation for the Cloud | Ignore the message if changes were made by mistake. This is because Illumio Segmentation for the Cloud automatically fixes the policy. See Tamper Protection. If changes were intended, then review and change the policy in Illumio Segmentation for the Cloud. |
CloudSecure authored Rule Collection <rc-id> from <azure-firewall-csp id> was removed. Correct rule collection will be enforced again. | An administrator might have deleted a Rule Collection created by Illumio Segmentation for the Cloud | Ignore the message if changes were made by mistake. This is because Illumio Segmentation for the Cloud automatically fixes the policy. See Tamper Protection. If changes were intended, then review and change the policy in Illumio Segmentation for the Cloud. |