Explorer

R80 ordered policy never hits next policy

Hi,

 

In the lab I tried to use an ordered policy.

So I have defined 2 layers:

- layer1 with 4 rules

- layer2 with 2 rules and explicit deny as last rule

My problem is that traffic never hits policy evaluation in layer2. No matter if I have configured implicit/explicit accept/deny.

For example I have rule matching traffic in layer1 policy - everything works fine.

Now I move this rule to layer2 - as a result traffic always hits a rule in layer1 (implicit permit or deny).

I have R80.30 in lab.

0 Kudos
3 Replies
Advisor

Hi,

 

Did the same policy setup work with a lower version (R80.10 or R80.20)?

If not, could you share details regarding both layers, maybe obfuscated screenshots?

 

Regards

0 Kudos
Explorer

I did not test this on previous releases. Please see screens below. If I move rule number 4 to layer2, it never hits traffic. No matter if I have implicit/explicit permit/deny on layer1.
0 Kudos
Admin

Unless the traffic hits an accept rule in Layer 1, it will never be evaluated in Layer 2.
That's by design.
That said, if you set the implicit cleanup rule to accept in Layer 1, I would expect traffic to be evaluated in Layer 2.
Might be a bug and worth a TAC case.
0 Kudos
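
A simplified model of the ordered-layer behaviour described in the last reply, added here as an example; it is not part of the original thread and not Check Point code. The rule names, the source address and the services are constructed, and the model assumes first-match-per-layer with a configurable implicit cleanup action.

```python
# Simplified model: a packet must be accepted in each ordered layer
# before the next layer is evaluated. All rules below are constructed.
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    src: str      # "any" or an exact source address
    service: str  # "any" or an exact service name
    action: str   # "accept" or "drop"

    def matches(self, pkt):
        return (self.src in ("any", pkt["src"])
                and self.service in ("any", pkt["service"]))


@dataclass
class Layer:
    name: str
    rules: list
    implicit_cleanup: str = "drop"  # action when no explicit rule matches

    def decide(self, pkt):
        for rule in self.rules:      # first match wins inside a layer
            if rule.matches(pkt):
                return rule.action, rule.name
        return self.implicit_cleanup, "implicit cleanup"


def evaluate(layers, pkt):
    """Return (verdict, trace); trace has one entry per layer actually reached."""
    trace = []
    for layer in layers:
        action, rule = layer.decide(pkt)
        trace.append((layer.name, rule, action))
        if action != "accept":
            return "drop", trace     # later layers are never consulted
    return "accept", trace


def demo(layer1_cleanup):
    # The rule of interest lives in layer2; layer1 has no explicit match for it.
    web = Rule("allow-web", "10.0.0.5", "https", "accept")
    layer1 = Layer("layer1", [Rule("allow-dns", "any", "dns", "accept")], layer1_cleanup)
    layer2 = Layer("layer2", [web, Rule("explicit-deny", "any", "any", "drop")])
    return evaluate([layer1, layer2], {"src": "10.0.0.5", "service": "https"})
```

`demo("drop")` stops in layer1 and never reaches the layer2 rule; `demo("accept")` reaches layer2 and matches it there. On a real gateway that still shows a layer1 hit with the cleanup set to accept, the behaviour differs from this model.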