Surely I'm missing out on something here...
I have a huge rulebase with many rules for traffic coming from the internet to resources in our network.
Up until now, the GEO policy was handled seperately, meaning that traffic would first be checked by the GEO policy and then by the rulebase.
Now, if I put the GEO rules at the top of my access policy in the format of let's say:
Source: USA
Destination: ANY
Action: Block
and I'll bypass some specific IPs from USA, they would just bypass the ENTIRE rulebase and won't be assessed anymore. isn't that so?
I mean, I DO want them not to be blocked by the GEO rules, but I still want them to be assesed and blocked/allow by the rest of the rulebase