Srdjan_B
Collaborator

Policy verification fails with Data Center objects

We noticed a strange issue with policy verification (R80.40). The policy is heavily AWS dependent; more than 50% of all rules are using AWS security groups either as a source or a destination. Here is an example of some of the rules:

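| Rule# | Source | Destination | Service | Action |
|---|---|---|---|---|
| 100 | 10.0.0.0/8 | sg-aaa, sg-bbb | Any | Accept |
| ... | | | | |
| 200 | 10.0.0.0/8 | sg-ccc | Any | Accept |
| ... | | | | |
| 300 | 10.0.0.0/8 | sg-ddd, sg-eee | Any | Drop |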

 

Verifier complains that rules 100 and 200 conflict with rule 300. Security groups are different, and they are not empty.

Strangely, policy installation succeeds. Furthermore, running policy verification after installation succeeds as well.

Any ideas why this is happening and how to avoid it? Thanks.

 
