Hugo van der Kooij

R80(.20) rule matching

Discussion created by Hugo van der Kooij on Nov 8, 2018
Latest reply on Nov 8, 2018 by Tal Ben Avraham

I was a bit surprised by the rule matching logic in R80(.20).

 

I have a parent rule for Internal to DMZ traffic:

And a parent rule for Internal to Internal traffic:

In the Internal to Internal policy I have a rule for my Active Directory traffic:

But as I missed a protocol in this bunch the traffic was dropped. But not on the rule I expected it to be dropped on:

 

So why would it drop on the wrong rule here?

There seems to be an inconsistence in the logging as it goes from Internal to Internal on the left hand but on the right hand it declares it from Internal to DMZ.

 

Can anyone explain why this inconsistence behaviour occurs?

Outcomes