11-23-2016 05:48 AM - edited 11-23-2016 05:49 AM
Hi there,
If we go to the tab "Policy" we will see 7 different sub tabs. The tabs are:
Security
NAT
QoS
PBF
App Override
Captive Portal
DoS Protection
So I know, for example, that Security rules are always checked before NAT rules, but what about the rest? I spent plenty of time googling for this information but without success.
11-23-2016 06:05 AM
Hi,
For the security and NAT it will go in order. My guess is the same for the rest of the sub tabs as well.
So security policy goes from top > bottom until the first match. If NAT is configured, the same from top > bottom. Traffic will be scanned from top > bottom for every sub tab if configured.
11-24-2016 08:58 AM
Do look at the packet flow process noted above. The general flow is:
Routing lookup - This is needed to assign zones and know the egress interface
NAT - This occurs then to get the final IP addresses after NAT
Security policy check - now we have all the information to confirm if the flow is permitted
Deeper inspections - if permitted, we perform any deep inspections applied to the policy
https://live.paloaltonetworks.com/t5/Learning-Articles/Packet-Flow-Sequence-in-PAN-OS/ta-p/56081
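
The top-to-bottom, first-match evaluation described in the replies above, as an added example that is not part of the original thread and is not Palo Alto Networks code. It is a simplified Python model (the rule fields, zone names and sample rules are constructed assumptions) showing how a broad rule placed above a narrower one shadows it, and how to audit a rulebase for that.

```python
from dataclasses import dataclass

ANY = "any"  # wildcard value used by this model


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    port: object  # an int, or ANY
    action: str


FIELDS = ("src_zone", "dst_zone", "port")


def _covers(rule_value, value):
    """True when a rule field matches (or is at least as broad as) `value`."""
    return rule_value == ANY or rule_value == value


def first_match(rules, src_zone, dst_zone, port):
    """Walk the rulebase top to bottom; the first matching rule decides."""
    flow = {"src_zone": src_zone, "dst_zone": dst_zone, "port": port}
    for rule in rules:
        if all(_covers(getattr(rule, f), flow[f]) for f in FIELDS):
            return rule
    return None  # no rule matched; default handling is outside this model


def shadowed_rules(rules):
    """Return (shadowed, shadowing) pairs: rules that can never be reached
    because an earlier rule covers every field they match on."""
    pairs = []
    for i, lower in enumerate(rules):
        for upper in rules[:i]:
            if all(_covers(getattr(upper, f), getattr(lower, f)) for f in FIELDS):
                pairs.append((lower.name, upper.name))
                break
    return pairs


# Constructed sample rulebase, listed in evaluation order (top first).
RULEBASE = [
    Rule("allow-web", "trust", "untrust", 443, "allow"),
    Rule("allow-outbound", "trust", "untrust", ANY, "allow"),
    Rule("block-telnet", "trust", "untrust", 23, "deny"),  # never reached
    Rule("deny-all", ANY, ANY, ANY, "deny"),
]
```

Moving `block-telnet` above `allow-outbound` makes the deny take effect, since only the first match is applied.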