Security policy matching order on the USG6000 series

20

When multiple security policies are to be matched, they are matched in a specific order. Therefore, you are advised to configure more fine-grained security policies first.

Other related questions:
Security policy matching order on the USG6000
On the USG6000, the device preferentially executes security policies configured earlier. Therefore, you are advised to first configure security policies with smaller matching scopes and accurate matching conditions and then configure security policies with larger matching scopes and wider matching conditions.

Security policy matching order on the USG9000 series
When multiple security policies are to be matched, they are matched in a specific order. Therefore, you are advised to configure more fine-grained security policies first.

What is the matching order of the firewall policy routes?
The matching order of the firewall policy routes is matched according to the node serial number following the policy-based-route policy from small to large.

Query of policy matching logs on the USG6000 series
By checking policy matching logs, you can learn traffic matching policies and determine whether security policies are correctly configured or achieve expected effects, to facilitate fault locating. Context Only the USG6000 supports policy matching logs, and such logs can be displayed only when a hard disk is installed. For the USG6650/6660/6670/6680, the policy matching log page is displayed no matter whether hard disks are installed. The firewall is deployed between the Internet and the network to be protected. If traffic matches a security policy, a policy matching log is generated. Before querying policy matching logs, run the log type policy enable command on the firewall to enable the policy matching log function. Choose Monitor > Log > Policy Matching Log to view information about policy matching logs. Choose Customize and select/deselect conditions for the display of policy matching logs. Click Export to export policy matching logs in CSV format to the management PC.

Components of the security policy on the USG6000 series
A security policy consists of matching conditions and actions.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top