I know that in R80.10 you can add multiple Layers in the Access Control Part of the Policy.
My understanding is, that if there is an accept in the first layer, the next Layer is checked and so on.
If I use the implicit accept setting in the all Layers (except the last one) all layers are allways checked.
So only connections that are accepted in all Layers (either implicit or by a explicit rule) are accepted.
But what happens with the well known hiding problem?
- Will a rule in Layer 1 hide a rule in Layer 2? Will I be able to install the policy if in Layer 1 and Layer to are the same rules?
What about the max number of Layers?
- Can I use 200 Layers in a Policy (instead of 200 sections in one Layer)