A security team notices that traffic from a specific internal subnet is not being inspected by the firewall. They have configured a security policy rule that matches the subnet and allows the traffic, but the traffic is still not being logged or inspected. What is the most likely cause?
- A
The rule is placed below an earlier rule that also matches the traffic.
Why wrong: This could cause the earlier rule to be matched first, but the question states the traffic is not inspected at all, not that it matches a different rule.
- B
The firewall's license for the threat prevention subscription has expired.
Why wrong: License expiry would affect inspection capabilities, but the firewall would still apply security rules; it would just not perform threat inspection.
- C
The firewall is in an active/passive HA pair and the passive unit is handling traffic.
Why wrong: HA state does not affect rule evaluation; the active unit handles traffic and applies rules.
- D
The rule is disabled in the rulebase.
A disabled rule is not evaluated, so traffic matching that rule will not be inspected.