Security Policy with multiple rulesets?



  • I notice that an NSM security policy can have multiple rulesets, e.g. zone-based firewall, global firewall, Syn protector. My question: are these each mutually exclusive? Or can they work together? If they work together, in what order are they processed/applied during operation?


  • Global Moderator

    Only zone-based firewall, global and multicast apply to firewalls. Everything else applies to IDP devices or integrated devices (ISG with IDP blade).



  • Turns out that the zone-based firewall is processed entirely before the global firewall. This must be taken into account when factoring the rule ordering.
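The ordering described in the last post, as an added example that is not part of the original thread: a small audit that lists global rules which can never decide traffic for a zone pair because a zone-based rule already covers the same traffic. The rule fields, first-match evaluation and the default deny are assumptions of this simplified model, not NSM's export format.

```python
from ipaddress import ip_network

# Constructed sample policy (simplified model, not an NSM export).
ZONE_RULES = [
    {"id": "z1", "from": "trust", "to": "untrust", "src": "10.0.0.0/8",
     "dst": "0.0.0.0/0", "port": None, "action": "permit"},   # port None = any
    {"id": "z2", "from": "dmz", "to": "untrust", "src": "172.16.1.0/24",
     "dst": "0.0.0.0/0", "port": 443, "action": "permit"},
]
GLOBAL_RULES = [
    {"id": "g1", "src": "10.1.0.0/16", "dst": "0.0.0.0/0", "port": 23, "action": "deny"},
    {"id": "g2", "src": "0.0.0.0/0", "dst": "203.0.113.0/24", "port": 22, "action": "deny"},
]

def covers(rule, src, dst, port):
    """True if rule matches every packet in src -> dst on port."""
    return (ip_network(src).subnet_of(ip_network(rule["src"]))
            and ip_network(dst).subnet_of(ip_network(rule["dst"]))
            and rule["port"] in (None, port))

def evaluate(zone_rules, global_rules, from_zone, to_zone, src, dst, port):
    """First match wins: all zone rules for the zone pair, then the global rules."""
    zone_pass = [r for r in zone_rules if (r["from"], r["to"]) == (from_zone, to_zone)]
    for rule in zone_pass + global_rules:
        if covers(rule, src, dst, port):
            return rule["id"], rule["action"]
    return None, "deny"  # assumed default when nothing matches

def shadowed_globals(zone_rules, global_rules):
    """Global rules fully covered by a zone rule, so never reached in that zone pair.

    Each finding: (global id, zone id, from zone, to zone, actions_conflict).
    """
    findings = []
    for g in global_rules:
        for z in zone_rules:
            if covers(z, g["src"], g["dst"], g["port"]):
                findings.append((g["id"], z["id"], z["from"], z["to"],
                                 g["action"] != z["action"]))
    return findings

if __name__ == "__main__":
    for gid, zid, fz, tz, conflict in shadowed_globals(ZONE_RULES, GLOBAL_RULES):
        note = "ACTIONS CONFLICT" if conflict else "same action"
        print(f"{gid} is never reached for {fz}->{tz}: {zid} matches first ({note})")
```

In the sample, the global Telnet deny `g1` has no effect on trust-to-untrust traffic because `z1` permits it first, while the same rule still applies to traffic arriving from the dmz zone.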


 
