
Firewall rule Facebook / Web URL / App-Filter

Hello,

For example, I would like to create a firewall rule that is used for various clients when using Facebook.

I created various IP hosts, web URLs and also an application filter for Facebook. But it looks like the rule, visible on the basis of the traffic, is not attracted to the rule. Is that basically possible, or what would be the procedure?

Greeting



This thread was automatically locked due to age.
  • The left-hand number is the processing order, which changes whenever you re-arrange your rules; the right-hand number is the rule number, which does not change. The rules are processed in the order down the left-hand side.

    Ian

    I will answer your other questions later today my time.

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi, how do I have to imagine the processing sequence of a rule?

    What is the order in a rule until a hit is found?

    As I said, I don't understand that the rules are hardly or almost completely addressed and my last rule applies,
    where the services include HTTP / HTTPS, as ANY / ANY.

    I wanted to keep it activated until everything worked reasonably well.

    greeting

  • Using logviewer, review what traffic is being passed by your any/any rule and then use that information to fine-tune your higher rules.

    Ian


  • Hello,

    ok thank you, I won't get any further here. The questions are not entirely answered for me.

    I think my questions are not understood or not read.


    greeting

  • The questions have been answered, but you do not seem to want to understand the answers.

    The rules are processed top to bottom. Criteria can include network or device IP address, is the URL in the blocked list, is the application allowed, is the port valid. All these things show in the logviewer when you review the filtered output.

    Ian


  • I am fully aware of and understood the principle that every rule is processed from top to bottom and that the rule is then executed on the basis of the criteria.

    Problem, which unfortunately also arises, that I use a switch behind the XG, also means that I cannot see everything in the log. But I'm only talking about rules that are set up in the direction of WAN.

    Again the question, what is one of the criteria that a rule is executed?

    Ask again, if the web rule usually applies, but is usually valid for every client, is it then carried out?

    It is different if a web filter and an application rule are usually stored and the rule applies to all clients,
    the WebFilter is valid, but the application is not, is this rule executed?

    Are all mechanisms usually summarized as a logical AND or an OR link that a rule is executed?

    That is a very crucial thing.

  • Firewalls are always applied based on Source IP, Destination IP and Service. 

    You can replace Source IP by Username in context of a user based Firewall rule. 

    There are no other criteria. If the firewall rule hits, it will apply the filters, attached to the rule (Web, app, ips etc.). 


  • ok, thank you, that fits, I can start something with that.

    Thanks

  • I have to ask again

    there is only one criterion, either with the IP / subnets or the users that a rule is applied to.

    greeting

  • It's first match.
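
The behaviour described in the replies above (a rule is selected on source, destination and service only, first match wins, and the web/app filters attached to it are applied afterwards) can be modelled as follows. This is an added example, not part of the thread and not Sophos code; the rule names, networks and policy labels are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_NET = (ip_network("0.0.0.0/0"),)
ANY_SVC = frozenset(range(1, 65536))
WEB = frozenset({80, 443})

@dataclass(frozen=True)
class Rule:
    name: str
    src: tuple            # source networks
    dst: tuple            # destination networks
    services: frozenset   # destination ports
    filters: tuple = ()   # attached web/app policies: NOT match criteria

def matches(rule, src, dst, port):
    """Selection is a logical AND of source, destination and service."""
    return (any(ip_address(src) in n for n in rule.src)
            and any(ip_address(dst) in n for n in rule.dst)
            and port in rule.services)

def first_match(rules, src, dst, port):
    """Walk the rules in processing order and stop at the first hit."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule
    return None  # no rule matched this connection

# Constructed rule set: a Facebook rule above a catch-all any/any rule.
LAN = (ip_network("192.168.10.0/24"),)
FB_HOSTS = (ip_network("203.0.113.0/28"),)  # stand-in for the "IP host" objects
RULES = [
    Rule("facebook", LAN, FB_HOSTS, WEB, ("web:facebook-urls", "app:facebook")),
    Rule("any-any", ANY_NET, ANY_NET, ANY_SVC),
]

if __name__ == "__main__":
    for dst in ("203.0.113.4", "198.51.100.7"):
        hit = first_match(RULES, "192.168.10.5", dst, 443)
        print(dst, "->", hit.name, "filters:", hit.filters or "none")
```

In this model, HTTPS traffic to an address that is not in the destination host list never reaches the Facebook rule's web and application filters; it falls through to the any/any rule, which is the pattern the logviewer advice above is meant to reveal.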
