[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] true or false
"Reed Mohn, Anders" schrieb: > Here, it will traverse the rule base, top-down. It hit's rule three, which > permits the traffic. > Now, there is no need to continue traversing the rule base, because, as the > text says: reordering > the rules is _not_ going to change the outcome. Thus, processing can stop at > this point. > If you _do_ reorder the rules (switch #5 and #3), it will hit the User Auth > rule first. This time, > it will continue traversing the rule base, looking for a less restrictive > rule further down. > Whether it now looks for the first possible match, or the best possible > match, I don't know. > > Cheers, > Anders :) That's exactly how I understood it. If authentication in involved, it will not neccessarily hit the first matching rule, but the least restrictive. This is clearly a break in the logical structure, but it doesn't hurt much, once you've learnt it. Mit freundlichen Grüßen/Kind regards Jörg Oertel -- Joerg Oertel Tel:02225/8820 MOSAIC SOFTWARE AG Fax:02225/882201 Feldstraße 8 e-mail:[email protected] 53340 Meckenheim www.mosaic-ag.com =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|