I'm running a R80.10 eval management server where I have imported my 77.30 database, to train myself a bit before upgrading to r80.10, I currently have 16 firewalls around the world (including Azure and AWS) and one policy package with every thing.
I'm planing to have a Policy/tab for each firewall and because there are common rules that has to be on all firewalls, I will like to use layers.
I'm struggling a bit to get my head around do's and dont's using layer in R80.10.
If I have tree layers in my policy 1, 2 and 3, layer 1 and 2 shall have a cleanup rule that accept all and layer 3 should have a clean up rule that drops all, the packets will start with layer 1, if no match it will go to layer 2, if no match it will go to layer 3, if no match dropped by the clean up rule, is this correct?
Normally if you have a any, any rule with accept it will be a hit and stop processing any more rules.
If I use Search in packet mode I only see match in layer 1 where the clean up rule is the last match.
Have I misunderstood something?
Is there any best practice for using layers?