Bob_Zimmerman
Authority

Ordered can be nice for delegating control to different parallel teams. For example, an incident response team can have a layer for country-based blocking and blocking specific attackers, then the firewall team can control normal firewall rules, then the web filtering team can control Application Control/URL Filtering.

In my experience, inline layers are a headache. Every deployment I've ever seen results in weird drops which the admins don't understand (once traffic is sent to an inline layer, it can't go back up, and cleanup drops get a weird message). Rules wind up in the wrong places (e.g., below a rule which sends the traffic to another layer), and when the problem is identified, the rule gets added in the right place but the incorrect rule is left because getting permission to delete a rule is so painful. Additionally, most policy analysis tools I've tried don't handle inline layers very well.

My company is in the process of flattening our inline layers across the board.
