Inter-domain policy hit precedence causes service exception


Network Topology

Problem Description

With the on-site configuration shown above in place, access from 192.168.44.1 to 1.1.1.2 succeeds, which is not the expected behavior.

Process Analysis

In inter-domain policies, a zone pair that uses any has the lowest precedence.

For traffic from Trust to Untrust, zone-pair security source Trust destination Untrust therefore takes precedence over the zone pair that uses any.

Solution

#
zone-pair security source Trust destination Any
 packet-filter 2000
#
zone-pair security source Trust destination Untrust
 object-policy apply ip Trust-any-192.168.44.1
 packet-filter 2000
#
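A configuration check for the precedence rule described above, as an added example that is not part of the original case or of any vendor tooling: it parses zone-pair stanzas and reports policies bound to an Any zone pair that an overlapping specific zone pair does not also carry. The "before" configuration is constructed from the Solution (the page does not show it), and all function names are hypothetical.

```python
import re

HEADER = re.compile(r"^zone-pair security source (\S+) destination (\S+)$")

def parse_zone_pairs(config):
    """Return {(source, destination): [policy lines]} from zone-pair stanzas."""
    pairs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = pairs.setdefault((match.group(1), match.group(2)), [])
        elif line == "#" or not line:
            current = None  # '#' closes the current stanza
        elif current is not None:
            current.append(line)
    return pairs

def has_any(pair):
    return any(zone.lower() == "any" for zone in pair)

def covers(general, specific):
    """True if the Any pair also matches the specific pair's traffic (assumption: names are case-insensitive)."""
    return all(g.lower() in ("any", s.lower()) for g, s in zip(general, specific))

def shadowed_policies(config):
    """Policies bound to an Any pair that an overlapping specific pair lacks. Assumes, per the
    page's analysis, that the specific pair wins and the Any pair is then not consulted."""
    pairs = parse_zone_pairs(config)
    findings = []
    for general, policies in pairs.items():
        if not has_any(general):
            continue
        for specific, own in pairs.items():
            if not has_any(specific) and covers(general, specific):
                findings += [(general, p, specific) for p in policies if p not in own]
    return findings

# Constructed "before" state: the Solution config minus packet-filter 2000 under Trust -> Untrust.
BEFORE = """#
zone-pair security source Trust destination Any
 packet-filter 2000
#
zone-pair security source Trust destination Untrust
 object-policy apply ip Trust-any-192.168.44.1
#
"""
AFTER = BEFORE.replace("Trust-any-192.168.44.1\n", "Trust-any-192.168.44.1\n packet-filter 2000\n")

if __name__ == "__main__":
    print(shadowed_policies(BEFORE), shadowed_policies(AFTER))
```

Run against the constructed "before" state it reports packet-filter 2000 as bypassed for Trust to Untrust traffic; against the Solution configuration it reports nothing.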
