idale
New Member
May 19, 2020
Question

Ordering of Firewall Rules and Rule Grouping


I understand that firewall rules are processed from top to bottom and packets that are not matched to any rules are denied (assuming that is what your last rule does).

My question is whether there are any guidelines for rule ordering based on the rule being processed. For instance, should rules containing NAT translation be placed at the top? What about rules processing inbound internet traffic?

Finally, can sequence groups be nested?

Regards,

Ian


    Toshi_Esumi
    SuperUser
    May 19, 2020

    I don't quite understand what you're asking exactly. But the policies are stacked up based on source/destination interface pair. The order of inbound policies wouldn't affect the order of outbound policies. Generally, the most specific one comes to the top regardless of whether NAT is on or off.

    idale (Author)
    New Member
    May 19, 2020

    Toshi,

    Firstly, thanks for the response.

    My understanding is that the firewall rules are ordered based on the order you decide, correct?

    Ian
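
The ordering points discussed in this thread (first match wins, policies are evaluated per source/destination interface pair, and the most specific policy belongs on top) can be checked mechanically. The following is an added example, not part of the original thread and not a vendor tool: a simplified policy model that flags policies that can never match because a broader one sits above them. The `Policy` fields, policy names and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Policy:              # hypothetical, simplified policy model
    name: str
    srcintf: str
    dstintf: str
    src: str               # source CIDR
    dst: str               # destination CIDR
    ports: range           # destination ports (stop is exclusive)
    action: str            # "accept" or "deny"

def covers(a: Policy, b: Policy) -> bool:
    """True if every packet that matches b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports.start <= b.ports.start
            and b.ports.stop <= a.ports.stop)

def shadowed(policies):
    """Return (hidden, hiding) name pairs, scanning top to bottom."""
    found = []
    for i, low in enumerate(policies):
        for high in policies[:i]:
            # Only policies on the same interface pair compete for a packet.
            same_pair = (high.srcintf, high.dstintf) == (low.srcintf, low.dstintf)
            if same_pair and covers(high, low):
                found.append((low.name, high.name))
                break
    return found

# Constructed sample: the broad accept sits above the specific deny.
POLICIES = [
    Policy("lan-any-web", "lan", "wan", "10.0.0.0/8", "0.0.0.0/0", range(443, 444), "accept"),
    Policy("block-kiosk-web", "lan", "wan", "10.0.5.0/24", "0.0.0.0/0", range(443, 444), "deny"),
    Policy("wan-to-dmz-web", "wan", "dmz", "0.0.0.0/0", "192.0.2.10/32", range(443, 444), "accept"),
    Policy("lan-dns", "lan", "wan", "10.0.0.0/8", "0.0.0.0/0", range(53, 54), "accept"),
]

# Same policies with the most specific one moved to the top of its pair.
FIXED = [POLICIES[1], POLICIES[0], POLICIES[2], POLICIES[3]]

if __name__ == "__main__":
    for hidden, hiding in shadowed(POLICIES):
        print(f"{hidden} never matches: shadowed by {hiding}")
    print("after reorder:", shadowed(FIXED))
```

The inbound `wan`→`dmz` policy is never compared against the `lan`→`wan` policies, so its position relative to them has no effect on the result.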