Day One Tips
Day One Tips

ScreenOS Policy Processing Order

‎12-07-2015 02:56 AM



Following this message in the ScreenOS forum, What is stated at :

about policies processing order is wrong .





According to ScreenOS cookbook :

As discussed in this chapter's Introduction section, global policies are processed in ScreenOS after all the intra-zone and inter-zone policies. Furthermore, it should be noted that when ScreenOS goes through a policy list, it does not process policies any further as soon as a match is found. Hence, if your inter-zone or intra-zone policies have an explicit Source-Any to Destination-Any deny/reject policy at the end of the policy set, the global policies will never be reached in the ScreenOS processing order.


A'bed AL-R.
[JNCSP-SEC JNCDA JNCIS-ENT Ingenious Champion|Sec]