Global Policy Rule Handling

Question asked by Jonathan Pitt on Nov 14, 2017
Latest reply on Mar 16, 2018 by Dan Ramsell

Having implemented a Global Policy for my R80.10 CMAs, I have come across multiple frustrations with rule numbering and rule identification during verification.


1) When using a, for example, 10 rule Global Policy, ALL domain level rules (whether using Inline layer or not) exist as 11.x or 11.x.x.


2) When using a Global Policy (in my case that includes Inline Layers) policy verification errors report a non-existing rule number which makes tracking the issue very difficult.


3) When using Global Dynamic objects and Inline Layer Global Rules, unless the Global Dynamic Object is used at the "top level" Inline Layer rule e.g. 3 then any use of a Global Dynamic Object e.g. at 3.1 doesn't map correctly to the corresponding local domain defined group, causing an unknown error during policy installation. This prevents the definition of network object or ANY based top level Inline Layer rules, meaning I must essentially define the 5 inline layer source and destinations in the top level rule, which makes the inline layer rules a little redundant if I'm already collapsing/defining all the rules into one at the top level (ignoring the security/service granularity benefits).


Are these known issues that are being looked at?