A security administrator is troubleshooting a policy misconfiguration. The firewall is configured with a security rule that allows traffic from the 'Engineering' zone to the 'Servers' zone. However, traffic from an Engineering user to a server in the 'DMZ' zone is being denied. What is the most likely cause?
Trap 1: The rule is configured as an intrazone rule.
An intrazone rule would apply within the same zone, but the traffic is between different zones (Engineering and DMZ).
Trap 2: The rule is disabled in the rulebase.
If disabled, the rule would not appear in the rulebase or would be greyed out; there is no such indication.
Trap 3: SSL decryption is blocking the traffic.
There is no indication of decryption; the issue is a policy mismatch.
- A
The rule only allows traffic from the Engineering zone to the Servers zone, not to the DMZ zone.
Why correct: The rule explicitly allows Engineering to Servers; traffic to the DMZ zone is not covered and is denied by default.
- B
The rule is configured as an intrazone rule.
Why wrong: An intrazone rule would apply within the same zone, but the traffic is between different zones (Engineering and DMZ).
- C
The rule is disabled in the rulebase.
Why wrong: If disabled, the rule would not appear in the rulebase or would be greyed out; there is no such indication.
- D
SSL decryption is blocking the traffic.
Why wrong: There is no indication of decryption; the issue is a policy mismatch.