https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17166#M12532 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"> <P>jprovine wrote:</P> <P></P> <P>so the rule needs to be moved above the rule that it shadows to be affective if there are any differences in the rule to start with</P> </PRE><P>Correct, firewall rules are processed from the top of the list down.&nbsp; And they stop processing on the FIRST match of criteria.</P><P></P><P>Thus you need your most specific rules to appear in the rule base before the least specific rules.</P></BODY></HTML> Fri, 03 Apr 2015 10:37:18 GMT pulukas 2015-04-03T10:37:18Z https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17163#M12529 <HTML><HEAD></HEAD><BODY><P>does that basically mean you have more than one rule doing the same thing?</P></BODY></HTML> Thu, 02 Apr 2015 18:26:48 GMT https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17163#M12529 jdprovine 2015-04-02T18:26:48Z https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17164#M12530 <HTML><HEAD></HEAD><BODY><P>Yes.&nbsp; It means that traffic will never hit the rule you just added because there is a rule above it that matches (at least) all of the criteria of the one you just created.</P><P></P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-1624">https://live.paloaltonetworks.com/docs/DOC-1624</A></P></BODY></HTML> Thu, 02 Apr 2015 19:20:53 GMT https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17164#M12530 Bradley_Melton 2015-04-02T19:20:53Z https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17165#M12531 <HTML><HEAD></HEAD><BODY><P>so the rule needs to be moved above the rule that it shadows to be affective if there are any differences in the rule to start with</P></BODY></HTML> Thu, 02 Apr 2015 21:38:13 GMT https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17165#M12531 jdprovine 2015-04-02T21:38:13Z https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17166#M12532 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"> <P>jprovine wrote:</P> <P></P> <P>so the rule needs to be moved above the rule that it shadows to be affective if there are any differences in the rule to start with</P> </PRE><P>Correct, firewall rules are processed from the top of the list down.&nbsp; And they stop processing on the FIRST match of criteria.</P><P></P><P>Thus you need your most specific rules to appear in the rule base before the least specific rules.</P></BODY></HTML> Fri, 03 Apr 2015 10:37:18 GMT https://live.paloaltonetworks.com/t5/general-topics/rule-shadowing/m-p/17166#M12532 pulukas 2015-04-03T10:37:18Z