[solved] Group rules with overlapping sort priority

Started by OPNenthu, Today at 06:05:56 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 06:05:56 AM Last Edit: Today at 07:01:38 AM by OPNenthu
After the upgrade from 26.1.9 -> 26.1.10 I am just now realizing an overlap in rule order between two interface groups when using the "All rules" filter in the new UI.  My "IG_OUT_WAN" group is interspersed with the "IG_OUT_VPN" group.  These are the only two affected.

Curiously, both groups are using the same "300002.xxx" sort order which should not happen, right?  I think the last digit in the priority group should be unique per interface/group if I'm not mistaken.

I will roll back to the snapshot for 26.1.9 and check the rule ordering there but that's as far back as I can go.  Was there a change in 26.1.10 that might affect this, or is it likely that this happened during my rule migration several releases ago and I never noticed?

I'm curious how this can happen.  Are there issues with cloning rules between groups that might cause the priority group number to carried over, perhaps?
N5105 | 8/250GB | 4xi226-V | Community
Today at 06:28:11 AM #1
The priority group number seems to be entirely decided by the number you put into the group itself when you create it.

Inside "Firewall - Groups" it has a sequence, and that influences the priority group.

EG all VPN groups will have 300010 because their Group Sequence is 10.
Hardware:
DEC740
Today at 07:01:15 AM #2
Yep, you're right.  The groups are both set to sequence 2.  My mistake.

Thanks!
N5105 | 8/250GB | 4xi226-V | Community
Print
Go Up Pages1
User actions