Best Practices for Ordering of Policy layers and Rules within layers.

book

Article ID: 167682

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You want to know about the order in which policy layers and rules should be applied

Resolution

Ordering of Policy Layers and Rules

1. Always order policy layers from the general to the specific.

When the ProxySG evaluates policy layers, layers that come last always override policy layers that precede it. So, establish a general rule in an early policy layer, and then write exception rules in later policy layers.

2. Always order rules within a policy layer from the specific to the general.

When the ProxySG evaluates the rules in a policy layer, it stops as soon as it finds a rule that meets the conditions; it does not look at subsequent rules in the layer, but moves on to the next layer.