Supposed that we have the 3 ordered layers as configured in the images below.
If a user inside Network51 attempts to access the IIS_Host through a gambling site in HTTPS, this is what the Gateway will evaluate:
- first, it will evaluate the rules in layer 1 "Network" and find an accept match at rule 3.
- then, because this is an "accept" match, it will evaluate the rules in layer 2 "Applications". It will match at the drop rule 1. Because this is a "drop" rule, the next ordered layers will not be evaluated at all and the connection will be dropped.
Hope this helps