We are running a WAF on a virtual appliance with SFOS 18.0 installed.
In the firewall rules created for WAF forwarding, two Exceptions are set.
In the first exception, two Advanced items are checked for "Any IPv4".
In the second exception, all security checks are excluded for a specific source IP address.
In this situation, access from the source IP address set in the second exception was blocked with the message "SXL category IPCAT_BOTS".
The above block was avoided by checking the "Skip remote lookups for clients with bad reputation" checkbox.
In SFOS 18.0 WAF forwarding rules, are exception settings processed from the top, and if the first exception is met, is the second exception handling ignored?
Is there any other logic to explain this phenomenon?
This thread was automatically locked due to age.