
Access layer policies

Question asked by Egor Cherkasov on Nov 23, 2018
Latest reply on Nov 23, 2018 by Egor Cherkasov

Hello, Check Mates!

When we divide one access layer into several layers, such as a Network layer, an Application layer and so on, how exactly do the rules work?

For example, I have a Network layer and an Application one.

In the Network layer I have an accept rule from the admin host in network A to network B (services any here) and a drop rule for source any and destination network B (services any here).

In the Application layer I have the following rules: one accept rule for the admin host in network A to network B, but only with AD services, and a drop rule for source any and destination network B (services any here).

The admin host can ping network B in that situation!

I thought that the rules are checked from top to bottom, like Cisco ACLs, but when I disabled the cleanup rule in the Network layer, the ping was lost.

In the end, I'm confused by that. Why do I have to add 2 cleanup rules? I guess that one cleanup rule in the Application layer is enough.

Thank you for your time and future assistance!
