Matching priority of the user-defined rule, whitelist, blacklist, and predefined filtering


The matching sequence is whitelist -> blacklist -> user-defined -> predefined.
If a URL matches the whitelist, the access is permitted. Otherwise, the device searches for a match of the URL in the blacklist. If a match is found in the blacklist, the access is blocked. If no, the device continues to search for a match of this URL in the user-defined categories. If a match is found, and the action for the matched category is Block, the access is blocked. If no match is found, the device continues to search for a match of this URL in the predefined rules.

Other related questions:
Matching priority of firewall packet-filter and policy interzone on the USG9000
policy interzone has a higher priority.

Matching rules of ACL
The display order of ACL rules determines the ACL matching principles. During ACL matching, a look-up is performed from the first rule displayed in the ACL. When one rule matches, the look-up is completed. The earlier a rule is displayed, the easier for it to be matched. The factors that determine the display order are the rule ID and matching methods. Matching methods include matching in configuration order or in automatic order. If the configuration order is used, the matching will be performed according to the order in which the ACL rules are configured. Rule IDs can be set by users, or can be automatically generated by the system based on the step, which is convenient for rule maintenance and insertion of new rules. For example, the default step of ACL is 5. If the user does not set a rule ID, the first rule ID automatically generated by the system is 5. When the user needs to insert a new rule before rule 5, a rule ID smaller than 5 can be set. The new rule now is the first rule. If the automatic order is used, the system automatically generates rule IDs, and ranks the rules with the highest precision to the top of the list. This can be achieved by comparing the length of the wildcard characters of addresses. The shorter the length is, the smaller the assigned NE range is.

How can I display blacklists and whitelists on the SC?
To display blacklists and whitelists on the SC, perform the following operations: 1. Run the display command to go to the display view. 2. Enter the roster-item [id id] command to display all or specified blacklists and whitelists. For details, see HUAWEI SMC2.0 V500R002C00 SC Command Reference Guide.

How many blacklists and whitelists does U1980 support?
A maximum of 10000 personal blacklists and whitelists, and a maximum of 5000 (half of the user quantity) system blacklists and whitelists can be configured on U1980. For more information, see the U1980 product documentation.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top