JWhitesPro_1928
Jul 05, 2016Cirrostratus
AFM Rule Evaluation
It seems in the back of my mind I am forgetting why this happens but I have an ACL similar to this, in this order:
1 - Allow tcp/443 from particular sources (some address lists, geo-ip etc) (action accept) 2 - DENY ALL Protocols from any source going anywhere (action drop) 3 - (Default)
Somehow I have things hitting the default rule...it seems to me like there was a reason I would see this but I can't think of why now...How is anything getting down to the (Default) if the DENY ALL rule is blocking every portovol, every port, every address, etc?
The default mode of this AFM is ADC so the default rule is allow...if we change to AFM mode is whatever is somehow getting past these denies going to be blocked?