Hi All,
I was wondering whether there is any way to restrict only http/https traffic from the first layer to move on to the next policy layer, instead of allowing all the accept rules from the first policy layer to go through the next layer's policies. The intention is that we want to separate it out into different layers with different blade inspection.
The scenario:
Example Traffic: Internal Users < https (443) > Internet (facebook.com)
1. Network Layer (Firewall only) = Only for normal network rules
2. URL Filtering Layer (URL Filtering & Application Control only) = Only for http & https traffic that is allowed from the network layer to this layer, to perform URL Filtering inspection
This is because we don't want all traffic that hits and is allowed by the Network Layer to go to the next policy layer if it is not http/https traffic. Because of this, we must create an any-any allow above the cleanup rule in the second layer's policies; otherwise, even if the traffic is accepted by the first layer, it will be dropped at the second layer's cleanup rule. Therefore, we only want http/https traffic, after being allowed by the network policy layer, to move to the next layer to perform URL Filtering & Application Control inspection.
I did select the first layer with the firewall blade only and the second policy layer with the Application & URL Filtering blades only, but the second layer's policies are still restricted by the firewall blade. Please refer to the images.
Best Regards
Keon
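A simplified model of the ordered-layer behaviour the post describes, added here as an illustration (it is not Check Point's own code, and the rule names, hosts and the `negate_services` flag are constructed for the example). It shows the cleanup-rule pitfall from the question, and how a single narrow "everything except http/https" pass-through at the top of the second layer scopes that layer to web traffic without an any-any accept cleanup.

```python
from dataclasses import dataclass

ANY = "any"  # wildcard for source, destination or service

@dataclass
class Rule:
    name: str
    src: str
    dst: str
    services: object               # tuple of service names, or ANY
    action: str                    # "accept" or "drop"
    negate_services: bool = False  # True: match any service NOT in the tuple
def rule_matches(rule, src, dst, service):
    svc_ok = rule.services == ANY or (service in rule.services) != rule.negate_services
    return rule.src in (ANY, src) and rule.dst in (ANY, dst) and svc_ok
def evaluate_layer(rules, src, dst, service):
    # First match wins; anything unmatched hits the implicit cleanup (drop).
    for rule in rules:
        if rule_matches(rule, src, dst, service):
            return rule.name, rule.action
    return "implicit-cleanup", "drop"

def evaluate_ordered_layers(layers, src, dst, service):
    # As the post describes: every layer in turn must accept; the first drop is final.
    trace = []
    for layer_name, rules in layers:
        rule_name, action = evaluate_layer(rules, src, dst, service)
        trace.append((layer_name, rule_name, action))
        if action == "drop":
            return "drop", trace
    return "accept", trace

WEB = ("http", "https")
# Constructed sample policy (not a real one). Layer 1: plain network rules.
NETWORK_LAYER = [
    Rule("allow-web", "internal", ANY, WEB, "accept"),
    Rule("allow-ssh", "internal", "jump-host", ("ssh",), "accept"),
    Rule("cleanup", ANY, ANY, ANY, "drop"),
]
# Layer 2 as in the question: web rules only, ending in a drop cleanup, so non-web
# traffic that layer 1 accepted is dropped here.
URL_LAYER_UNSCOPED = [
    Rule("block-social", "internal", "facebook.com", WEB, "drop"),
    Rule("allow-other-web", "internal", ANY, WEB, "accept"),
    Rule("cleanup", ANY, ANY, ANY, "drop"),
]
# Layer 2 with a narrow pass-through for everything that is NOT http/https, so the
# layer only ever decides on web traffic and needs no "any any accept" cleanup.
URL_LAYER_SCOPED = [Rule("pass-non-web", ANY, ANY, WEB, "accept", negate_services=True)] + URL_LAYER_UNSCOPED
BROKEN = [("network", NETWORK_LAYER), ("url-filtering", URL_LAYER_UNSCOPED)]
FIXED = [("network", NETWORK_LAYER), ("url-filtering", URL_LAYER_SCOPED)]
```

Running `evaluate_ordered_layers(BROKEN, "internal", "jump-host", "ssh")` returns a drop with the trace ending at the second layer's cleanup rule, while the same call against `FIXED` is accepted via `pass-non-web`.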