If a rule does not match a parent rule, will the gateway still go over the child rules in the layer?
I might be using wrong teminology, so ill explain using an example:
Source Destination Action
1. management_net CP_Hosts Mgmt_layer
1.1 robert's pc HQ_XL accept
1.2 steven's pc R80_CMA accept
1.3 IT_Net R80_CMA accept
1.4 any any deny
2.DC_Net DC_Net DC_internal_layer
2.2 SAP_Net SAP_Net accept
2.3 any any deny
Lets say a packet that fits the layer in rule number 2 arrives at the gateway, will it still go over 1.1 & 1.2 & 1.3 and so on, or will it just skip the entire layer if it does not match the parent rule?
If it does skip the layer if it does not match the parent rule, how much of an imporvement in performance can we expect to see?