Can I give a new admin limited rights to just one rule?
No, the permission can be defined on an entire Layer and not on a single rule.
You can limit a new admin to edit just specific layers.
The feature is supported for both Inline Layer and Ordered Layer.
You can provide an admin access rights to an inline layer in the policy, traffic needs to match the parent rule before reaching the inline layer. An inline layer can contain multiple rules but will only inspect the traffic that matched the parent rule.
I have heard of Inline layer. What is Ordered Layer? And can you explain the difference between the two?
R80 introduces a new policy concept called Layers to efficiently work with the rule base.
For Access Control Policy Two types of layers for maximum flexibility exists, inline layer and ordered layer. Where layers allow separating the security policy into multiple components. In this way creating better security and manageability. Support concurrent-admin's and segregation of duties, allow organizations to reuse of layer either as inline or ordered in multiple policy's to be more efficient.
For backward compatibility with pre-R80 gateway you will use ordered layers to manage the Firewall rule base and Application control rule base, where first layer needs to be Firewall layer and second layer needs to be Application control and URL Filtering layer.
During an upgrade from pre-R80 to R80 with gateways using policy packages that are using Firewall and Application control policy's, the existing policy will be separated to ordered Layer with Network Layer – Firewall policy rules as the first layer and Application Layer – Application control policy rules as the second layer.
Here is an example of traffic matching using
Please refer to Layers in R80 for general questions about the types of layers in R80. I will copy Jim Oqvist's post from this thread to there just for the order of things and also because it's so nicely written.
Retrieving data ...