I'm working to create policies that utilize layers, so that some layers can be shared to multiple policies. My breakdown is as follows:
- The first layer contains rules related to management (SNMP, SSH, etc.) and is included in all policies
- The second layer has more specific rules related to the business unit and is included in some policies
- The third layer has very specific rules related to a particular service/data center, etc., and is included in a single policy
I've built the layers but notice that if I set any of the layers to "Implicit cleanup action = Drop", it results in only the rules for that layer working, with all other traffic getting dropped. I can fix that by setting all layers to "Accept", but this results in the firewall policy allowing all traffic, which of course I don't want.
What is the solution to this problem? I would think that having "Accept" on the first two rules and then "Drop" on the last rule would do the trick, but perhaps I'm not understanding how multiple layers get processed.
Running R80.30 Take 219 on both the gateways and the network policy management server.
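As an added illustration (not from the original post and not Check Point's own code), a small Python model of how ordered layers are evaluated: each layer applies its first matching rule or, failing that, its implicit cleanup action, a Drop in any layer ends evaluation, and an Accept only hands the connection to the next layer, so every layer has to accept it. The three layers, hosts and services are constructed placeholders modelled on the breakdown above.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard for a rule field


@dataclass
class Rule:
    name: str
    action: str            # "Accept" or "Drop"
    src: str = ANY
    dst: str = ANY
    service: str = ANY

    def matches(self, pkt):
        # A field matches when it is the wildcard or equals the packet's value
        return all(want in (ANY, pkt[key]) for want, key in
                   ((self.src, "src"), (self.dst, "dst"), (self.service, "service")))


@dataclass
class Layer:
    name: str
    rules: list
    implicit_cleanup: str  # action taken when no explicit rule in this layer matches


def evaluate(layers, pkt):
    """Ordered-layer semantics: first matching rule (or implicit cleanup) per layer;
    a Drop anywhere ends evaluation, an Accept passes the connection to the next
    layer, so a connection is allowed only if every layer accepts it."""
    for layer in layers:
        hit = next((r for r in layer.rules if r.matches(pkt)), None)
        action = hit.action if hit else layer.implicit_cleanup
        if action == "Drop":
            return ("Drop", layer.name, hit.name if hit else "implicit cleanup")
    return ("Accept", layers[-1].name, "accepted by every layer")


def build(cleanups):
    """Constructed three-layer policy; cleanups = implicit cleanup action per layer."""
    mgmt = Layer("Management", [Rule("ssh-from-mgmt", "Accept", src="mgmt-net", service="ssh"),
                                Rule("snmp-from-nms", "Accept", src="nms", service="snmp")], cleanups[0])
    bu = Layer("BusinessUnit", [Rule("bu-web", "Accept", dst="bu-web", service="https")], cleanups[1])
    dc = Layer("DataCenter", [Rule("dc-db", "Accept", src="bu-web", dst="dc-db", service="mysql")], cleanups[2])
    return [mgmt, bu, dc]


# Constructed sample connections
SSH = {"src": "mgmt-net", "dst": "fw", "service": "ssh"}
HTTPS = {"src": "internet", "dst": "bu-web", "service": "https"}
DB = {"src": "bu-web", "dst": "dc-db", "service": "mysql"}
TELNET = {"src": "internet", "dst": "dc-db", "service": "telnet"}

if __name__ == "__main__":
    for cleanups in (["Drop", "Accept", "Accept"], ["Accept", "Accept", "Drop"], ["Accept"] * 3):
        print(cleanups, [evaluate(build(cleanups), p)[:2] for p in (SSH, HTTPS, DB, TELNET)])
```

With Drop in the first layer only the SSH and SNMP flows survive; with Drop only in the last layer, the HTTPS connection that BusinessUnit accepted is still dropped by DataCenter's implicit cleanup because no rule there matches it, while with Accept everywhere even the telnet connection passes.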