I think the question and the answers are not clear😀.
Security Management R80.20 Administration Guide:
The default rules that are available as part of the Global properties configuration and cannot be edited. You can only select the implied rules and configure their position in the Rule Base:
- First - Applied first, before all other rules in the Rule Base - explicit or implied
- Last - Applied last, after all other rules in the Rule Base - explicit or implied, but before the Implicit Cleanup Rule
- Before Last - Applied before the last explicit rule in the Rule Base
Implied rules are configured to allow connections for different services that the Security Gateway uses. For example, the Accept Control Connections rules allow packets that control these services:
- Installation of the security policy on a Security Gateway
- Sending logs from a Security Gateway to the Security Management Server
- Connecting to third party application servers, such as RADIUS and TACACS authentication servers
Implicit cleanup rule
The default "catch-all" rule for the Layer that deals with traffic that does not match any explicit or implied rules in the Layer. It is made automatically when you create a Layer.
Implicit cleanup rules do not show in the Rule Base.
For R80.10 later version Security Gateways, the default implicit cleanup rule action is Drop. This is because most Policies have Whitelist rules (the Accept action). If the Layer has Blacklist rules (the Drop action), you can change the action of the implicit cleanup rule to Accept in the Layer Editor.
For R77.30 or earlier versions Security Gateways, the action of the implicit rule depends on the Ordered Layer:
Drop - for the Network Layer
Accept - for a Layer with Applications and URL Filtering enabled
Note - If you change the default values, the policy installation will fail on R77.30 or earlier versions Security Gateways.
PS: I had two questions in my CCSM VUE exam with commands that no longer existed.
➜ CCSM Elite, CCME, CCTE