Universal policy Implicit Deny blocking Intrazone Traffic


L0 Member

Hi All,

 

I configured the implicit deny (Universal Policy) policy at the bottom of security policies but after that, I could see that some of the intrazone access got denied by the implicit deny policy.

How can we achieve the implicit deny policy without affecting the intrazone connections?

 

Thanks in Advance...

2 REPLIES 2

Cyber Elite

@gpsriram,

By implicit Deny are you simply saying that you made essentially an 'any any' deny policy to capture any traffic that doesn't have a security policy?

Assuming that you are and that you are relying on your default intrazone policy to allow all of the traffic, the above policy isn't what you would want to do. You need to build out security entries for the intrazone traffic or make broad intrazone traffic allow policies above your implicit deny policy. I would personally recommend that you take the time to build out proper individual security entries to allow the traffic.

L4 Transporter

Universal includes both interzone and intrazone.  If you have a universal deny policy, the behaviour you are seeing is operating as expected.  Change the rule to interzone instead of universal and it should operate as you are expecting.
