Policy verification fails with Data Center objects

We noticed a strange issue with policy verification (R80.40). The policy is heavily AWS dependent; more than 50% of all rules are using AWS security groups either as a source or a destination. Here is an example of some of the rules:

100 | 10.0.0.0/8 | sg-aaa, sg-bbb | Any | Accept
300 | 10.0.0.0/8 | sg-ddd, sg-eee | Any | Drop


Verifier complains that rules 100 and 200 conflict with rule 300. Security groups are different, and they are not empty.

Strangely, policy installation succeeds. Furthermore, running policy verification after installation succeeds as well.

Any ideas why this is happening and how to avoid it? Thanks.

