topic Implied rule override explicit rule in Firewall and Security Management

Implied rule override explicit rule

Sunray — Wed, 10 Dec 2025 09:45:36 GMT

We have enabled above option as "before last" & after checking logs we are getting random ip's are still trying to connect external DNS servers.even though we have explicit rule configured for our internal DNS. Would like to know as per behaviour all DNS logs should hit to explicit rule, but not occurring in this scenario.

anyone provide me answer why external DNS request's are hitting over Implied rules (Configrued as "before last" under global properties)

even when an explicit rule has priority.

HOTFIX_R80_40_JUMBO_HF_MAIN Take: 125

ADMIN NOTE: The attachments were removed to protect the confidentiality of our customer.

Re: Implied rule override explicit rule

Chris_Atkinson — Tue, 18 Jan 2022 07:27:37 GMT

To clarify you have configured a rule specifically to "drop" this DNS traffic higher in the policy that is not matching?

Perhaps it is easier to work this with TAC if you're uncomfortable with showing the relevant policy rules & log card detail here.

Re: Implied rule override explicit rule

Sunray — Tue, 18 Jan 2022 09:26:08 GMT

Hello Chris,

I had allowed in any for all DNS traffic in explicit rule on higher priority but still traffic for external DNS hitting implicit rule.

Re: Implied rule override explicit rule

Chris_Atkinson — Tue, 18 Jan 2022 10:08:54 GMT

As above please provide more details of the policy, log card & matched rules tab so we can help.

Re: Implied rule override explicit rule

Sunray — Wed, 10 Dec 2025 09:46:04 GMT

Hello Chris

Getting SOA packet for which Implied rule action accept. I have attached all logs

These are VPN user 10.0.0.0 IP range some user hitting external DNS with SOA packet.

ADMIN NOTE: The attachments were removed to protect the confidentiality of our customer.

We are planning to disable Global Properties "Accept Domain Name over UDP (Queries )" will it impact legitimate traffic.