Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Alex_Mondol
Participant

Rule Processing Order and Legacy Rules with Any as Source

I need some help on finding documentation regarding how rules get processed now in R80.30. We have implemented Geo-Fencing with updatable objects. over all the Geo-Fencing has done its job.... but we find that in some legacy rules that may be overly permissive have source as Any into our network for specific DMZ areas are not getting Geo Fenced. Yet we have found if we put "Internet" as a source to some of these rules the Geo-Fencing in rule 2 does take effect. Why is this? and is the "Internet" a best practice for these overly permissive rules? Management has asked for documentation of how rules are processed as well. Can you point me in the right direction for these documents? 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

Precisely how are you configuring the Geo Protection?
A concrete example would be helpful.

In general, though, R80.x evaluates using column-based matching.
More on this here: https://community.checkpoint.com/t5/General-Management-Topics/Unified-Policy-Column-based-Rule-Match...
0 Kudos