Universal policy Implicit Deny blocking Intrazone Traffic

L0 Member

Hi All,

 

I configured the implicit deny (Universal Policy) policy at the bottom of the security policies, but after that I could see that some of the intrazone access got denied by the implicit deny policy.

How can we achieve the implicit deny policy without affecting the intrazone connections?

 

Thanks in Advance...

Cyber Elite

@gpsriram,

By implicit Deny are you simply saying that you made essentially an 'any any' deny policy to capture any traffic that doesn't have a security policy?

Assuming that you are, and that you are relying on your default intrazone policy to allow all of the traffic, the above policy isn't what you would want to do. You need to build out security entries for the intrazone traffic or make broad intrazone traffic allow policies above your implicit deny policy. I would personally recommend that you take the time to build out proper individual security entries to allow the traffic.

L4 Transporter

Universal includes both interzone and intrazone.  If you have a universal deny policy, the behaviour you are seeing is operating as expected.  Change the rule to interzone instead of universal and it should operate as you are expecting.
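
The rule-type behaviour described in the replies above, as an added example that is not part of the original thread: a simplified Python model of first-match evaluation showing why a universal deny shadows the predefined intrazone-default allow, while an interzone deny or an explicit intrazone allow placed above it does not. Zone names and rule names are constructed, and matching on addresses, applications and services is omitted.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    rule_type: str   # "universal", "intrazone" or "interzone"
    src: set         # source zones; {"any"} matches every zone
    dst: set         # destination zones (not consulted for intrazone rules)
    action: str      # "allow" or "deny"

def zone_match(rule, src, dst):
    """Zone-only matching; addresses, applications and services are omitted."""
    src_ok = "any" in rule.src or src in rule.src
    dst_ok = "any" in rule.dst or dst in rule.dst
    if rule.rule_type == "intrazone":
        return src_ok and src == dst
    if rule.rule_type == "interzone":
        return src_ok and dst_ok and src != dst
    return src_ok and dst_ok  # universal: covers intrazone and interzone

# Predefined PAN-OS rules that sit below every user-defined rule.
DEFAULTS = [
    Rule("intrazone-default", "intrazone", {"any"}, {"any"}, "allow"),
    Rule("interzone-default", "interzone", {"any"}, {"any"}, "deny"),
]

def evaluate(rulebase, src, dst):
    """First match wins, top to bottom, then the predefined defaults."""
    for rule in rulebase + DEFAULTS:
        if zone_match(rule, src, dst):
            return rule.name, rule.action
    raise AssertionError("unreachable: the defaults cover every zone pair")

# Constructed rulebases ("trust", "untrust" and the rule names are hypothetical).
UNIVERSAL_DENY = [Rule("deny-all", "universal", {"any"}, {"any"}, "deny")]
INTERZONE_DENY = [Rule("deny-all", "interzone", {"any"}, {"any"}, "deny")]
EXPLICIT_ALLOW = [
    Rule("allow-trust-intra", "intrazone", {"trust"}, {"trust"}, "allow"),
] + UNIVERSAL_DENY

if __name__ == "__main__":
    cases = [("universal deny", UNIVERSAL_DENY),
             ("interzone deny", INTERZONE_DENY),
             ("intrazone allow above universal deny", EXPLICIT_ALLOW)]
    for label, rulebase in cases:
        for src, dst in [("trust", "trust"), ("trust", "untrust")]:
            print(f"{label}: {src}->{dst} =>", evaluate(rulebase, src, dst))
```
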
