AnsweredAssumed Answered

Multiple Layers with Firewall Rules (Access Control)

Question asked by Daniel Fischler on Apr 28, 2017
Latest reply on May 3, 2017 by Tomer Sole

I know that in R80.10 you can add multiple Layers in the Access Control Part of the Policy.

My understanding is, that if there is an accept in the first layer, the next Layer is checked and so on.

If I use the implicit accept setting in the all Layers (except the last one) all layers are allways checked.

So only connections that are accepted in all Layers (either implicit or by a explicit rule) are accepted.

 

But what happens with the well known hiding problem?

  • Will a rule in Layer 1 hide a rule in Layer 2? Will I be able to install the policy if in Layer 1 and Layer to are the same rules?

What about the max number of Layers?

  • Can I use 200 Layers in a Policy (instead of 200 sections in one Layer)

Outcomes