Hi all,
I have something like this:
from-zone trust to-zone untrust {
    policy idp-app-policy-1 {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    idp;
                }
            }
        }
    }
    policy utm-security-policy {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    utm-policy sophos-utm-policy;
                }
            }
        }
    }
    policy utm_servers {
        match {
            source-address [ servers network_devices ];
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    utm-policy servers_and_network_devices;
                }
            }
        }
    }
    policy trust-to-untrust {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
I only seem to be hitting the idp-app-policy-1 policy, as that's the first permit. I know I have to move the most specific matches to the top of the chain, but I think that then only that policy will match and the traffic will not go through the idp and sophos policies.
What am I misunderstanding here, and does the above make sense? I want ALL traffic to be idp and sophos scanned and to go via the web filtering.
Thanks.
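Editor's note, not part of the original post: on an SRX, security policies for a zone pair are evaluated top-down and the first policy whose match terms fit the flow is the only one applied; evaluation stops there, so a flow never "falls through" to a second permit to pick up more services. A single permit can, however, carry several application-services at once. The fragment below is an added example of how the four policies above collapse into two that keep the original policy, UTM-policy and address-book names from the post; the ordering (specific sources first, catch-all last) and the `/* */` annotations are the example's, not the poster's configuration.

```junos
/* Evaluated top-down within the zone pair; first match wins and
   evaluation stops, so IDP and UTM must be attached to the SAME permit. */
security {
    policies {
        from-zone trust to-zone untrust {
            /* Specific sources first: servers and network devices get
               their own UTM profile, with IDP on the same permit. */
            policy utm_servers {
                match {
                    source-address [ servers network_devices ];
                    destination-address any;
                    application any;
                }
                then {
                    permit {
                        application-services {
                            idp;
                            utm-policy servers_and_network_devices;
                        }
                    }
                }
            }
            /* Catch-all last: everything else gets IDP plus the Sophos
               UTM profile (web filtering is configured inside that
               UTM policy). */
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit {
                        application-services {
                            idp;
                            utm-policy sophos-utm-policy;
                        }
                    }
                }
            }
        }
    }
}
```

With this layout the standalone idp-app-policy-1 and utm-security-policy are no longer needed; leaving an any/any permit above the specific one would shadow it again. To confirm which single policy a given flow lands on, use `show security match-policies from-zone trust to-zone untrust source-ip <src> destination-ip <dst> source-port <sport> destination-port <dport> protocol 6` (6 is TCP), and `show security policies hit-count` shows whether utm_servers is actually being hit rather than the catch-all.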