Unexpected execution of inline layer rules

Vladimir · ‎2018-02-21

I am going through CP labs (11 Security Management Lab.pdf) in Infinity R80.10 training and am observing that in this policy:

Rule 5.5 is being executed on the traffic that should've been subjected to the treatment by the cleanup rule 4.3.

Rules 4.x are in a layer with content filtering blade only and rules 5.x are in a layer with Applications and URLs.

Actually, all of the App Control and URL filtering rules continue working normally.

Can someone tell me why would this be the case?

PhoneBoy · ‎2018-02-21

That would imply the traffic did not match Rule 4, which would be the only way for traffic to get to Rule 5.5.

What is the traffic in question?

Vladimir · ‎2018-02-21

VODKA | Smirnoff was blocked with notification.

Tomer_Sole · ‎2018-02-21

are you sure the source was within 192.168.101.0/24 but was still matched for parent rule 4 which is sources for 192.168.102.0/24 ?

Vladimir · ‎2018-02-22

Positive.

Norbert_Bohusch · ‎2018-02-22

Can you share a screenshot of a log entry showing this?

Vladimir · ‎2018-02-22

Sorry, can't do: this was a cloud lab that is destroyed now and I was too slow to get the logs.

If I'll have time, I'll try to replicate it in my own lab.

Are you a member of CheckMates?