Management General Management Topics Logging and Reporting Multi-Domain Management Policy Management
- Local User Groups
AI & Machine Learning
CheckMates is here!
When "Accept" is selected in the inline layer's "Advanced" properties for the Implicit Cleanup Action, resultant cleanup rule created with "Drop" action:
Hi, Implicit Cleanup only matters if there's no explicitly defined cleanup rule at the end of the layer.
It is still a best practice to create an explicit rule and have it logged. This is how the layer looks like when there isn't an explicit cleanup rule at all:
We will try to highlight contradicting cases like this better in the user interface.
So in effect, when I am specifying "Accept", only the hidden rule is being created and appended at the end of the layer after the Explicit Cleanup rule created with the layer:
Where Explicit Cleanup rule could not be deleted and, if modified, will trigger the appearance of the "Implicit" Cleanup rule:
Explicit cleanup rule can be deleted and if deleted triggers the appearance (and enforcement) of the implicit cleanup rule.
The reason why the implicit cleanup rule isn’t displayed when there’s an explicit any, any, any, is because it is ignored by the gateway as well since there’s never going to be unmatched traffic.
OK, the "Delete" option is grayed-out in the screenshot of my previous post only if it is the only rule in the newly declared layer.
Thank you for clarification.