Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rabindra_Khadka
Contributor

Traffic Accept and Drop both for same source IP and same destination IP

Hello Team,

 

I am facing one issue on one of the customer, It is related to the firewall blade logs, We can see on both the logs the traffic is coming from same internal ip address and going to same external ip address.

In first rule we have accept policy for one of the domain which resolved that that external ip-address.

In second rule we have the drop rule for malacious ip address group.

 

So, My concern is that once the firewall rule has the accept the traffic already in first rule, why is it block by second rule.

According to firewall rule once the traffic is accept if first rule, it should not check the second rule right ?

 

Please look on the attachment for reference.

 

Thank You

 

 

 

0 Kudos
3 Replies
Chris_Atkinson
Employee
Employee

The match criteria (service) is different for each log / rule, start there.

0 Kudos
Rabindra_Khadka
Contributor

Dear Chris_Atkinson

I am sorry to mention that the match service is also the same TCP 443.
Can you please check again what can be the reason
0 Kudos
Chris_Atkinson
Employee
Employee

The full log cards might provide additional detail of the drop. 

TCP/443 & HTTPS arent necessarily the same thing.

0 Kudos