Best Practices for Ordering of Policy layers and Rules within layers.

Article Id: 167682

Status: Published

Updated On: 30-03-2019 10:48

Legacy Id: TECH243594

Products:

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction:

You want to know about the order in which policy layers and rules should be applied

Resolution:

Ordering of Policy Layers and Rules

1. Always order policy layers from the general to the specific.

When the ProxySG evaluates policy layers, layers that come last always override policy layers that precede it. So, establish a general rule in an early policy layer, and then write exception rules in later policy layers.

2. Always order rules within a policy layer from the specific to the general.

When the ProxySG evaluates the rules in a policy layer, it stops as soon as it finds a rule that meets the conditions; it does not look at subsequent rules in the layer, but moves on to the next layer.