Understanding the order in which rules are read

To view a firewall’s filter or NAT rules, in the Monitoring > Firewalls menu, double click on a firewall and select the Filtering and translation tab. Rules are arranged by order of priority.

Order in which rules are read

Filter and NAT rules applied to a given firewall are the combination of two types of rules created in SMC:

  • Rules shared by several firewalls, created in the folders (folder to which the firewall and its parent folders belong),
  • Rules specific to the firewall, created in the firewall's settings. In the firewall monitoring view, the Number of specific rules column indicates the number of specific rules that each firewall has.

These rules are deployed in the firewall's global security policy. After these rules, the firewall's local security policy rules, if any, will be applied.

The firewall inherits rules from the folder it belongs to, as well as rules from its parent folders, which are applied in the following order:

  • High-priority rules configured in the folders, from the most general to the most specific,
  • Firewall's specific rules,
  • Low-priority rules configured in the folders, from the most specific to the most general.

A high-priority rule in the MySMC folder cannot be overwritten by another rule, it will always be the first rule to be applied. A low-priority rule in the MySMC folder will be overwritten by all the other rules defined in the folders or for a specific firewall.