Srdjan_B
Contributor

Policy verification fails with Data Center objects

We noticed a strange issue with policy verification (R80.40). The policy is heavily AWS dependent; more than 50% of all rules are using AWS security groups either as a source or a destination. Here is an example of some of the rules:

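| Rule# | Source | Destination | Service | Action |
|---|---|---|---|---|
| 100 | 10.0.0.0/8 | sg-aaa, sg-bbb | Any | Accept |
| ... | | | | |
| 200 | 10.0.0.0/8 | sg-ccc | Any | Accept |
| ... | | | | |
| 300 | 10.0.0.0/8 | sg-ddd, sg-eee | Any | Drop |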

 

Verifier complains that rules 100 and 200 conflict with rule 300. Security groups are different, and they are not empty.

Strangely, policy installation succeeds. Furthermore, running policy verification after installation succeeds as well.

Any ideas why this is happening and how to avoid it? Thanks.

 
