Hello, Check Mates!
When we divide one access layer into many other layers, such as a Network layer, an Application layer and so on, how exactly do the rules work?
For example, I have a network layer and an application one.
In the Network layer I have an accept rule from the admin host in network A to network B (services any here) and a drop rule for source any and destination network B (services any here).
In the Application layer I have the following rules: one accept rule for the admin host in network A to network B, but only with AD services, and a drop rule for source any and destination network B (services any here).
The admin host can ping network B in that situation!
I thought that the rules are checked from top to bottom, like Cisco ACLs, but when I disabled the cleanup rule in the Network layer, the ping was lost.
In the end, I'm confused because of that. Why do I have to add 2 cleanup rules? I guess that one cleanup rule in the Application layer is enough.
Thank you for your time and future assistance!