What Order are Security Services Processed in TZ Firewalls

Bo_Hic

Hello,

I'm curious where I can find information regarding the order in which the security features are enforced on the TZ series firewalls. For instance, is GEO-IP Filter processed before Access Rules? Is Gateway Antivirus first, second, third, etc.? I ask because I set up an IP block list for WAN to ANY and the traffic from these blacklisted IPs are getting blocked via a different rule -1387 Security Services TCP Null Flag Dropped -. I also notice that packets from IP addresses originating from countries on the Geo-IP block list are coming through and not getting dropped by the Geo-IP rules but getting dropped for other reasons, like X-Mas Tree or TCP Null Flag, etc. I speculate that different security services take more processing power and it would make sense to just drop a packet based on the flags and thus never have to even check it against a black list or a Geo-IP filter. But, alas, I am a simple IT guy and that's why I'm here. :)

Biggest question… in what order are these rules and security features applied when a packet comes into the firewall?

Thanks!

James

BWC

This might be what you're looking for.

https://www.sonicwall.com/support/knowledge-base/sonicos-packet-flow-in-global-and-policy-mode/240104055537077

—Michael@BWC

Bo_Hic

https://community.sonicwall.com/technology-and-support/discussion/comment/22517#Comment_22517

Yes! Thank you!