What is the relationship between the actions defined in a security policy and a profile?

If a flow matches a security policy, the device performs the defined action of the policy on the flow.
- If the action is Block, the device blocks the flow.
- If the action is Permit, the device matches the flow with the profiles referenced by the security policy.

If the flow matches none of the referenced profiles, the device permits the flow. If the flow matches one or more security profiles, the device performs the following actions:
- If the action of one of these profiles is Block, the device blocks the flow.
- If the actions of these profiles are Alert, the device permits the flow and records a log.
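
The evaluation order described above can be modeled in a few lines. This is an added example, not vendor code: the class names, the flow attributes and the sample policies are constructed for illustration, and it assumes that the first matching policy decides the flow. The page does not say whether a Block by a profile is logged, so the model logs Alert hits only.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Profile:
    name: str
    matches: Callable[[dict], bool]   # the profile's own match condition
    action: str                       # "block" or "alert"

@dataclass
class Policy:
    name: str
    matches: Callable[[dict], bool]   # the policy's match condition
    action: str                       # "block" or "permit"
    profiles: list = field(default_factory=list)

def evaluate(flow, policies):
    """Return (verdict, log_entries) for one flow."""
    for policy in policies:           # assumption: first matching policy decides
        if not policy.matches(flow):
            continue
        if policy.action == "block":
            return "block", []
        hits = [p for p in policy.profiles if p.matches(flow)]
        if any(p.action == "block" for p in hits):
            return "block", []        # one Block profile overrides any Alert hits
        # No hits: plain permit. Only Alert hits: permit and log each one.
        return "permit", [f"{policy.name}/{p.name}: alert" for p in hits]
    return "no-policy-match", []      # the page does not cover this case

# Constructed sample profiles and policies; "av" is referenced by two policies.
av = Profile("av", lambda f: f.get("malware", False), "block")
url = Profile("url", lambda f: f.get("url_category") == "social", "alert")
POLICIES = [
    Policy("deny-guest", lambda f: f.get("src_zone") == "guest", "block"),
    Policy("web-out", lambda f: f.get("app") == "http", "permit", [av, url]),
    Policy("mail-out", lambda f: f.get("app") == "smtp", "permit", [av]),
]

if __name__ == "__main__":
    for flow in (
        {"src_zone": "guest", "app": "http"},
        {"src_zone": "trust", "app": "http"},
        {"src_zone": "trust", "app": "http", "url_category": "social"},
        {"src_zone": "trust", "app": "http", "url_category": "social", "malware": True},
        {"src_zone": "trust", "app": "smtp", "malware": True},
    ):
        print(flow, "->", evaluate(flow, POLICIES))
```

A Permit action on the policy is therefore not the final verdict: the flow is forwarded only if no referenced profile that it matches has the Block action.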

Other related questions:
What is the relationship between the applications defined in a security policy and a profile?
They are not related. The application defined in a security policy is the condition for the traffic to match the policy, whereas the application defined in a profile is the condition for the traffic to match the profile. The FW compares the traffic attributes with the defined application when the traffic matches a security policy or profile.

Relationship and differences between the service-manage command and the security policy of an interface
The service-manage command is used to permit or deny administrator access to the firewall over HTTP, HTTPS, Ping, SSH, SNMP, and Telnet. The security policy is used to control traffic forwarding and integrated traffic content detection on the firewall. After you enable the access management function for an interface, the administrator can manage the firewall over this interface even if the security policy between the zone where the interface resides and the local zone is not enabled. By default, the management interface (GE0/0/0) allows the administrator to access the firewall using HTTP, HTTPS, Ping, SSH, SNMP, and Telnet, and non-management interfaces do not allow the administrator to access the firewall using these protocols.

Note: If you need to control access to the firewall based on source IP addresses, you can disable the access control (using the undo service-manage enable command) and then configure the security policy to control the source IP address.

Can multiple security policies reference the same profile?
Yes. Security policies that reference the same profile do not affect one another.

What is the logical relationship between Route-Policy nodes?
Route-Policy filters routing information and sets route attributes for the routes that match the Route-Policy. The filtering relationship between the Route-Policy nodes is OR. That is, if a route matches a node, the route matches the Route-Policy. If a route does not match any node, the route fails to match the Route-Policy. If the relationship between matching rules is AND, the result is applied only after Route-Policy sends the pass response.
