razor85
Explorer

R80 ordered policy never hits next policy

Hi,

In the lab I tried to use an ordered policy.

So I have defined 2 layers:

- layer1 with 4 rules

- layer2 with 2 rules and explicit deny as last rule

My problem is that traffic never hits policy evaluation in layer2. No matter if I have configured implicit/explicit accept/deny.

For example, I have a rule matching traffic in the layer1 policy - everything works fine.

Now I move this rule to layer2 - as a result traffic always hits a rule in layer1 (implicit permit or deny).

I have R80.30 in the lab.

0 Kudos
3 Replies
Maik
Advisor

Hi,

Did the same policy setup work with a lower version (R80.10 or R80.20)?

If not, could you share details regarding both layers, maybe obfuscated screenshots?

Regards

0 Kudos
razor85
Explorer

I did not test this on previous releases. Please see the screens below. If I move rule number 4 to layer2, it never hits traffic. No matter if I have implicit/explicit permit/deny on layer1.
0 Kudos
PhoneBoy
Admin

Unless the traffic hits an accept rule in Layer 1, it will never be evaluated in Layer 2.
That's by design.
That said, if you set the implicit cleanup rule to accept in Layer 1, I would expect traffic to be evaluated in Layer 2.
Might be a bug and worth a TAC case.
0 Kudos
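
A simplified model of the ordered-layer behaviour described in the last reply, added here as an illustration and not taken from the thread or from Check Point code: a packet reaches layer2 only if layer1 accepts it, either by a rule or by the implicit cleanup action. The `Rule`, `Layer` and `evaluate` helpers, the rule names and the addresses are constructed assumptions.

```python
# Simplified model of ordered-layer evaluation; not Check Point code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    name: str
    src: str             # CIDR; "0.0.0.0/0" stands for Any
    dst: str
    port: Optional[int]  # None stands for Any
    action: str          # "accept" or "drop"

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.port in (None, pkt["port"]))

@dataclass
class Layer:
    name: str
    rules: list
    implicit_cleanup: str  # action when no rule in the layer matches

def evaluate(layers, pkt):
    """Return (final_action, trace); trace holds (layer, rule, action)."""
    trace = []
    for layer in layers:
        hit = next((r for r in layer.rules if r.matches(pkt)), None)
        rule, action = ((hit.name, hit.action) if hit
                        else ("implicit cleanup", layer.implicit_cleanup))
        trace.append((layer.name, rule, action))
        if action == "drop":      # a drop in any layer is final
            return "drop", trace
    return "accept", trace        # accepted by every layer in order

# Constructed sample policy and packet (private and documentation ranges).
ANY = "0.0.0.0/0"
WEB = Rule("allow-https", "10.0.0.0/24", "192.0.2.10/32", 443, "accept")
SSH = Rule("allow-ssh", "10.0.0.0/24", "192.0.2.20/32", 22, "accept")
DENY = Rule("explicit-deny", ANY, ANY, None, "drop")
PKT = {"src": "10.0.0.5", "dst": "192.0.2.10", "port": 443}

def demo(layer1_cleanup):
    """The HTTPS rule lives only in layer2; vary layer1's cleanup action."""
    layers = [Layer("layer1", [SSH], layer1_cleanup),
              Layer("layer2", [WEB, DENY], "drop")]
    return evaluate(layers, PKT)

if __name__ == "__main__":
    for cleanup in ("drop", "accept"):
        print(cleanup, demo(cleanup))
```

The trace shows which layer made the final decision, which is the same question the rule hit column in the logs answers on a real gateway.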
