State lookup fails with "access denied" for firewall policy
I am in the process of setting up Ubuntu Linux (20.04) clients with VPN access using f5epi. Everything works, except for a firewall policy. The client side logs contain: 2021-09-29,12:50:17:954, 19837,19837,, 48, , 221, CreateInspector(), Created new OesisModule: SDK Version = '4.3.1161.0', V3V4 Adapter Version = '4.3.980.0' 2021-09-29,12:50:17:954, 19837,19837,, 48, , 224, CreateInspector(), Created new reference 2021-09-29,12:50:17:954, 19837,19837,, 48, , 74, OesisModule:Run(), policyData=type=fw&collect=2&count=1&check_list_type=required&vendor_id1=97&id1=0&version1=&platform1=2&state1=1 2021-09-29,12:50:17:954, 19837,19837,, 48, , 169, OesisLogInfoPolicy(), server configuration check list ===> Type: fw vendor_id: 97 id: 0 version: platform: 2 state: 1 2021-09-29,12:50:19:043, 19837,19837,, 48, , 86, OesisModule:Run(), testing product: id=97001 2021-09-29,12:50:19:043, 19837,19837,, 48, , 98, OesisModule:Run(), Product didn't match with any product from "server configuration check list"-> 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , id=97001 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , vendor_id=97 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , version=1.8.4 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , name=IPTables 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , vendor_name=IPTables 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , errors=Failed to get 'state'. code: -32 (Access denied) mId: 1 iId: 11 2021-09-29,12:50:19:087, 19837,19837,, 48, , 155, OesisModule:Run(), leave (check failed) I assume the issue is that the iptables state check is trying to do something it is not allowed to do locally. Does anyone recognize this problem or have any information on what OesisModule is trying to access in this case?