This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Vladimir
Champion
Champion
‎2018-02-21 11:16 AM

Unexpected execution of inline layer rules

I am going through CP labs (11 Security Management Lab.pdf) in Infinity R80.10 training and am observing that in this policy:

Rule 5.5 is being executed on the traffic that should've been subjected to the treatment by the cleanup rule 4.3.

Rules 4.x are in a layer with content filtering blade only and rules 5.x are in a layer with Applications and URLs.

Actually, all of the App Control and URL filtering rules continue working normally.

Can someone tell me why would this be the case?

0 Kudos
Reply
6 Replies
PhoneBoy
Admin
Admin
‎2018-02-21 03:31 PM

That would imply the traffic did not match Rule 4, which would be the only way for traffic to get to Rule 5.5.

What is the traffic in question?

0 Kudos
Reply
Vladimir
Champion
Champion
‎2018-02-21 04:20 PM
In response to PhoneBoy

VODKA | Smirnoff was blocked with notification.

0 Kudos
Reply
Tomer_Sole
Mod
Mod
‎2018-02-21 10:09 PM

are you sure the source was within 192.168.101.0/24 but was still matched for parent rule 4 which is sources for 192.168.102.0/24 ? 

0 Kudos
Reply
Vladimir
Champion
Champion
‎2018-02-22 04:51 AM
In response to Tomer_Sole

Positive.

0 Kudos
Reply
Norbert_Bohusch
Advisor
‎2018-02-22 12:58 PM

Can you share a screenshot of a log entry showing this?

0 Kudos
Reply
Vladimir
Champion
Champion
‎2018-02-22 01:19 PM
In response to Norbert_Bohusch

Sorry, can't do: this was a cloud lab that is destroyed now and I was too slow to get the logs.

If I'll have time, I'll try to replicate it in my own lab.

0 Kudos
Reply