Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
phlrnnr
Advisor

Policy verification failed for rule with network objects and access roles

I am new to identity awareness.  I have implemented identity collector with AD and LDAP connectivity from the GWs.  I have an existing network rule that has normal source / destination hosts and network objects in them.  I added an access role to the 'destination' column, and the policy verification fails stating " 'Destination' column of the rule contains both Access Roles and network objects". 

1. Why can't network objects and access roles co-exist in the same column?  

2. What is the best practice for deploying these rules?  Do I have to create an identical rule with the source / services, and put just the access role in for the destination?

R80.20 / JHFA 87

thanks,

Phil

0 Kudos
6 Replies
This widget could not be displayed.