Create a Post
Showing results for 
Search instead for 
Did you mean: 

R80.10 Threat prevention policy enforcement order


Can you please clarify the order of processing rules in R80.10 Threat Prevention policy, using single layer?

For example, if the first rule(where only Threat Emulation is enabled in profile) is matched, will other rules be checked?

I mean, other rules with Antivirus, for instance.

So, the rule base will look like this:

1   any    any   Profile1(Threat Emulation only)

2   any   any   Profile2(Antivirus and IPS)

Will traffic be checked with Antivirus and IPS here?

Thank you in advance.

2 Replies

Hi, it depends on the type of the traffic.

IPS traffic will look for the IPS rule. AV traffic will look for the AV rule, etc.

regarding multiple layers and rules, see 


Thank you Tomer!

0 Kudos