A network administrator notices that traffic from the internal network to a specific external server is being blocked unexpectedly. The firewall policy allows any-to-any outbound traffic. The administrator checks the Unified Policy and sees a Security policy rule that permits the traffic, but the traffic is still blocked. What is the most likely cause?
Trap 1: A Zone Protection profile is dropping the traffic.
Zone Protection profiles apply at the zone level, and the admin checked only Security policy.
Trap 2: A decryption policy is blocking the traffic.
Decryption policies do not block traffic; they control decryption.
Trap 3: The Security policy rule has a source zone mismatch.
The rule allows any-to-any, so a zone mismatch is unlikely.
- A
A Zone Protection profile is dropping the traffic.
Why wrong: Zone Protection profiles apply at the zone level, and the admin checked only Security policy.
- B
The Security policy rule has a DoS Protection profile applied that is dropping traffic.
DoS Protection profiles can drop traffic even if the rule permits it.
- C
A decryption policy is blocking the traffic.
Why wrong: Decryption policies do not block traffic; they control decryption.
- D
The Security policy rule has a source zone mismatch.
Why wrong: The rule allows any-to-any, so a zone mismatch is unlikely.