Packet mode search through a security policy searches as if a packet is travelling through it. With inline layer rules it becomes more interesting. This examples shows a match on an inline layer rule that should have not been matched as far as I know.
Example from lab: Packet mode search string:
mode:Packet src:"HP-desktop" dst:any app:TeamViewer action:Accept
Result:
We see here a match on rule 156.2 but the source HP-desktop is not part of the network group that is used as source in rule 156. Therefore it should not have gone further down to rule 156.2 and matched on any. Is this a known limitation with packet mode search and inline layers?
| User | Count |
|---|---|
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 |
Mon 18 Nov 2024 @ 03:00 PM (CET)
EMEA CM LIve: Enhancing Security for Hybrid Workplace and Remote WorkforceMon 18 Nov 2024 @ 02:00 PM (EST)
Americas CM Live: Enhancing Security for Hybrid Workplace and Remote WorkforceTue 19 Nov 2024 @ 03:00 PM (CET)
AI Series Part 3: Maximising AI to Drive Growth and Efficiency (EMEA)Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Mon 18 Nov 2024 @ 03:00 PM (CET)
EMEA CM LIve: Enhancing Security for Hybrid Workplace and Remote WorkforceMon 18 Nov 2024 @ 02:00 PM (EST)
Americas CM Live: Enhancing Security for Hybrid Workplace and Remote WorkforceTue 19 Nov 2024 @ 03:00 PM (CET)
AI Series Part 3: Maximising AI to Drive Growth and Efficiency (EMEA)Wed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSThu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management Workshop
