Unified policy - how is that connection really handled?

Question asked by Michael Lawrence on Jan 10, 2018
Latest reply on Jan 30, 2018

OK, so in R80 we have this deal where we have a rule match by committee where the CMI, protocol parsers and pattern matchers are all looking at the rulebase column-by-column to build their array of "candidate rules" 


BUT - they need to let some of that traffic run in some cases to get enough info about it before making a decision.  So, what I start to wonder is how much, if any, of this "sample traffic" is let through before the connection is shut down?  Does the gateway keep it in some kind of queue pending the final policy decision or does some of that traffic actually transit the gateway prior to that decision being made?