Chou_YiHsien
Explorer

HTTPS inspection policy doubt

Hi Everyone,

 

I have a question.

I set 2 policies on R80.40 HTTPS inspection.

1. src: any, dst: google service, service port: 443

2. src: any, dst: xx.xx.xx.xx, service port: 443

Why is there no effect if the IP is placed in the second policy?
If you put the IP in the first one, it will be applied normally?

5 Replies
_Val_
Admin

How do you mean, no effect?

0 Kudos
Nikolai_Borhart
Contributor

I have also already had the experience that with the HTTPS policy you should first put the rules based on IP addresses at the top and then those based on applications below.

I had the application-based bypass rule in the first place and the policy did not work.

For me it seems like you have to pay attention to a certain sequence.

But I haven't found anything where it's documented.

0 Kudos
Chou_YiHsien
Explorer

So there is a priority.
That is, I must first set the IP before setting up the application?

Is there documentation for this?

0 Kudos
PhoneBoy
Admin

Rules are evaluated per Column-based rule matching.
This applies to HTTPS Inspection policy as well.
If the connection matches the first rule, that is the rule that will apply.
In general, you should always have more specific rules first.

0 Kudos
_Val_
Admin

@PhoneBoy just a small correction, for Unified Policy, and not for HTTPS Inspection, if AC/URLF and/or content inspection are in play, it might be that the connection will be matched to more than a single rule, pending streaming data decision.

0 Kudos
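
PhoneBoy's point above about first-match evaluation and placing specific rules first, as an added example that is not part of the thread and is not Check Point's matching engine: a simplified Python model in which each rule's destination is a list of CIDR ranges, with a check for rules that an earlier rule makes unreachable. The `Rule` class, the rule names and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    dst: tuple      # destination CIDRs (constructed sample values)
    port: int
    action: str     # "inspect" or "bypass"

    def nets(self):
        return [ipaddress.ip_network(c) for c in self.dst]

    def matches(self, dst_ip, port):
        ip = ipaddress.ip_address(dst_ip)
        return port == self.port and any(ip in n for n in self.nets())

def first_match(rules, dst_ip, port):
    """Return the first rule (top-down) that matches, or None."""
    for rule in rules:
        if rule.matches(dst_ip, port):
            return rule
    return None

def shadowed(rules):
    """Return (later, earlier) name pairs where the later rule can never be
    hit because one earlier rule covers all its destinations on the same port."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.port == later.port and all(
                any(n.subnet_of(e) for e in earlier.nets()) for n in later.nets()
            ):
                out.append((later.name, earlier.name))
                break
    return out

# Hypothetical rules: a broad destination object and a single host inside it.
broad = Rule("broad-service", ("198.51.100.0/24", "203.0.113.0/24"), 443, "inspect")
host = Rule("single-host", ("203.0.113.10/32",), 443, "bypass")

broad_first = [broad, host]       # the specific rule is placed second
specific_first = [host, broad]    # the specific rule is placed first

if __name__ == "__main__":
    for label, rb in (("broad first", broad_first), ("specific first", specific_first)):
        hit = first_match(rb, "203.0.113.10", 443)
        print(f"{label}: matched={hit.name} action={hit.action} shadowed={shadowed(rb)}")
```

Running a check like `shadowed()` over an exported rulebase before installing policy flags rules that the ordering has made dead.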
