Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
marcinw
Contributor

Traffic prevented on Anti-Bot but accepted on firewall

Hi 


I am wondering if this is something that I should be worry about ? I assume that it should be alright that traffic is accepted on implied rule and next is stopped by Anti-bot 

 

ipsprev.png

 

 

0 Kudos
3 Replies
AmirArama
Employee
Employee

the traffic is accepted by the Firewall blade access (implied rules) but dropped by AB. 

you can double check it with tcpdump/fw monitor/fw ctl zdebug + drop | grep x.x.x.x

Lesley
Leader Leader
Leader

Looks normal behavior. Sometimes the firewall needs to allow a bit of traffic in order to further check it. It can happen that firewall decides to block it in a later stadium. 

Also some policy’s are separate. For example firewall policy and app / url filtering can be separate. So traffic first passes firewall rule base and it is allowed. But then I check the application filtering rulebase and then it could be blocked. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend

As Amir had said, I would also do zdebug to confirm.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events