04-23-2020 05:29 AM
hello Everyone hope everything is doing well.
questions for the experts on palo
i have 260 rules on my palo alto environment and they are subdivided in zones and i would like to make things more organized on my rules .
question is the rules more high used on the palo should be always first ? like more verbose rules or it doesn't matter where they are they will be no performance issue ?
thank you
Matheus
04-23-2020 02:10 PM
Hello,
Tricky question. If you are running code 9 or 9.1 then there is a counter for each policy so you can see which ones get hit more often. A few things to remember is that the PAN evaluates policies top to bottom left to right. So the order of the policies matter. What I do is put the stuff I know is a block, e.g. dynamic block lists, at the top so they dont sneak through. Then order the policies of highest use closer to the top without over riding a more specific policy.
Basically take your time and think it out. Do one or a few at a time so as not to cause confusion.
Hope that helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
