Two Layers - Order rule issues

Hi Checkmaters.


I had a very strange problem. I have a firewall policy with two layers, one for firewall rules and the other for App Control and URL Filtering. (layer.jpeg)

The CleanUp rule in the second layer is Accept. (cleanup_accept.jpeg)

Some specific traffic was being accepted in the cleanup rule, but it was intermittent, sometimes working, sometimes not. (cleanup_accept_log.jpeg)

In a desperate attempt to solve the problem, I created a specific rule at the top of the second layer to deal with this traffic. To my surprise, the problem was solved and the traffic worked perfectly. (specific_rule.jpeg and specific_rule_log.jpeg)

What happened? I have no idea! Has anyone had this problem? Do you have any idea why this happened?

Thank you!

PS: version R80.30, take 111.

 

3 Replies

Admin

When it was matching on a different rule (before you added the specific rule) what rule did it match on?
Note that evaluation against the rulebase is a continual process and if the stream looks like a different app later on, and a different, earlier rule matches, it will apply instead.
This is by design.

It was matching in the CleanUp Rule, whose action is Accept.

There was no policy change that could have had an impact.

Admin

The policy didn't change but the traffic stream clearly did in how it was identified.
I'm also not clear from your explanation what rule it was supposed to match or what rule was matching instead when things stopped working.