Does the FW process the audit policies and security policies in a specific order?

Other related questions:
Security policy matching order on the USG6000
On the USG6000, security policies configured earlier take precedence in matching. Therefore, you are advised to first configure security policies with smaller matching scopes and accurate matching conditions, and then configure security policies with larger matching scopes and wider matching conditions.

Security policy matching order on the USG6000 series
When multiple security policies are to be matched, they are matched in a specific order. Therefore, you are advised to configure more fine-grained security policies first.

Security policy matching order on the USG9000 series
When multiple security policies are to be matched, they are matched in a specific order. Therefore, you are advised to configure more fine-grained security policies first.
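The ordering advice above can be checked against a rule set before deployment. The following is an added example, not vendor code: it models first-match evaluation on source and destination addresses only (real policies also match zones, services and more), flags a narrow policy that an earlier, broader one makes unreachable, and reorders narrow-first. The policy names, addresses, the implicit default-deny and the prefix-length sort heuristic are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed policy list; list order stands for configuration (= matching) order.
POLICIES = [
    {"name": "permit_lan_any", "src": "10.1.0.0/16", "dst": "0.0.0.0/0", "action": "permit"},
    {"name": "deny_hr_to_db", "src": "10.1.2.0/24", "dst": "10.9.0.10/32", "action": "deny"},
]

def first_match(policies, src, dst, default="deny"):
    """Return (policy name, action) of the first policy whose scope covers the packet."""
    for p in policies:
        if ip_address(src) in ip_network(p["src"]) and ip_address(dst) in ip_network(p["dst"]):
            return p["name"], p["action"]
    return None, default  # assumption: unmatched traffic falls to a default deny

def shadowed(policies):
    """List (later, earlier) pairs where an earlier policy fully covers a later one,
    so the later policy can never be reached."""
    found = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (ip_network(later["src"]).subnet_of(ip_network(earlier["src"]))
                    and ip_network(later["dst"]).subnet_of(ip_network(earlier["dst"]))):
                found.append((later["name"], earlier["name"]))
                break
    return found

def reorder_narrow_first(policies):
    """Heuristic: longer combined prefix length = smaller matching scope = earlier."""
    def scope_bits(p):
        return ip_network(p["src"]).prefixlen + ip_network(p["dst"]).prefixlen
    return sorted(policies, key=scope_bits, reverse=True)

if __name__ == "__main__":
    print("as configured:", first_match(POLICIES, "10.1.2.5", "10.9.0.10"))
    print("shadowed:", shadowed(POLICIES))
    fixed = reorder_narrow_first(POLICIES)
    print("narrow first:", first_match(fixed, "10.1.2.5", "10.9.0.10"))
```

As configured, the intended deny never takes effect because the broad permit matches first; after reordering, the same packet hits the deny and other LAN traffic still matches the permit.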

Which source address shall I specify in a security policy on an FW configured with a source NAT policy?
Specify a private address (source address) in a security policy on an FW. The private address is the one that is used before source NAT is performed. The FW matches packets with a security policy before enforcing a NAT policy. If the packets match the security policy, the FW performs source NAT for the packets. If the packets do not match the security policy, the FW discards the packets.

If multiple NAT policies are configured, how does an FW match packets with them?
An FW matches packets against NAT policies from top to bottom. If the packets match a NAT policy, the FW processes the packets based on that policy and stops matching them against the remaining NAT policies.
