
R80(.20) rule matching

I was a bit surprised by the rule matching logic in R80(.20).

I have a parent rule for Internal to DMZ traffic:

And a parent rule for Internal to Internal traffic:

In the Internal to Internal policy I have a rule for my Active Directory traffic:

But as I missed a protocol in this bunch, the traffic was dropped, but not on the rule I expected it to be dropped on:

So why would it drop on the wrong rule here?

There seems to be an inconsistency in the logging, as it goes from Internal to Internal on the left-hand side but on the right-hand side it declares it as Internal to DMZ.

Can anyone explain why this inconsistent behaviour occurs?

2 Replies
Vladimir
Pearl

Re: R80(.20) rule matching

Hugo,

The only thing that comes to mind is if your DMZ's IPv6 scope is including the destination, but there is likely a mechanism that should prevent it from happening.

Employee+

Re: R80(.20) rule matching

Hi,

Please verify your topology configuration. If it is configured correctly, please open a support ticket.

Thanks,

Tal