C is correct
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Ordered-Layers-and-Inline-Layers.htm
https://community.checkpoint.com/t5/Management/Policy-Layers-in-R80-x/td-p/1717
and
https://community.checkpoint.com/legacyfs/online/checkpoint/40533_pastedImage_4.png
From the post of fepe15, the parent rule is part of the inline layer, and the matching continues to the next rule of the ordered layer if the parent rule is not matched. So answer C is incorrect; it describes that no inline layer is matched.
The Inline Layer has a parent rule (Rule 2 in the example), and sub rules (Rules 2.1 and 2.2). The Action of the parent rule is the name of the Inline Layer.
If the packet does not match the parent rule of the Inline Layer, the matching continues to the next rule of the Ordered Layer (Rule 3).
If a packet matches the parent rule of the Inline Layer (Rule 2), the Security Gateway checks it against the sub rules:
If the packet matches a sub rule in the Inline Layer (Rule 2.1), no more rule matching is done.
If none of the higher rules in the Ordered Layer match the packet, the explicit Cleanup Rule is applied (Rule 2.2). If this rule is missing, the Implicit Cleanup Rule is applied (see Types of Rules in the Rule Base). No more rule matching is done.
Important - Always add an explicit Cleanup Rule at the end of each Inline Layer, and make sure that its Action is the same as the Action of the Implicit Cleanup Rule.
For sure C is the correct answer. Here is the text from the Check Point document:
If the packet does not match the parent rule of the Inline Layer, the matching continues to the next rule of the Ordered Layer (Rule 3).
If a packet matches the parent rule of the Inline Layer (Rule 2), the Security Gateway checks it against the sub rules:
If the packet matches a sub rule in the Inline Layer (Rule 2.1), no more rule matching is done.
If none of the higher rules in the Ordered Layer match the packet, the explicit Cleanup Rule is applied (Rule 2.2). If this rule is missing, the Implicit Cleanup Rule is applied (see Types of Rules in the Rule Base). No more rule matching is done.
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Ordered-Layers-and-Inline-Layers.htm
End of questions, it's C
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_SecurityManagement_AdminGuide/Content/Topics-SECMG/Ordered-Layers-and-Inline-Layers.htm
If none of the higher rules in the Ordered Layer match the packet, the explicit Cleanup Rule is applied (Rule 2.2). If this rule is missing, the Implicit Cleanup Rule is applied (see Types of Rules in the Rule Base). No more rule matching is done.
C could be WRONG because it's written very badly: it talks about matching IMPLICIT CLEANUP, but according to the best practices, you should have an EXPLICIT CLEANUP (I'm sure all of you have defined an EXPLICIT "Note - If you use the Cleanup rule as the last explicit rule, the Last Implied Rule and the Implicit Cleanup Rule are not enforced"
And I want to add to the discussion that an inline layer is A PART of an Ordered Layer. So it's not so obvious that when the packet does not match any inline layers it will finish on the cleanup. That's because the rule base is not composed only of inline layers ;)
My2cents
I agree with you to some extent, however, the fact that it has reached an inline layer means that it has already fallen under the category of an ordered layer and as a result, I would think that it would either have to match one of the inline layers to that ordered layer rule or else be subject to implicit rules - seeing as an explicit cleanup rule would be an ordered layer rule, to which the packet would no longer be able to be checked by, having already 'entered' another ordered layer rule.
Mylackofcents
To me the one that makes most sense is C.
As I understand it, if the packet does not match any of the inline layers, that means we have arrived at the end of a specific ordered layer, and at the end there is always the Implicit Cleanup Rule, which discards the packet.
B However, matching an inline layer doesn't mean you continue to the next layer, because if the rule matched in the inline layer has the action DROP, then nothing else will be checked.
C is correct, read below for clarity.
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_SecurityManagement_AdminGuide/Content/Topics-SECMG/Ordered-Layers-and-Inline-Layers.htm
I think the correct answer is C.
From the reference provided in explanation: In Ordered Layers when an accept rule from the first layer is matched, the gateway goes over the rules in the next layer.
In Inline Layers only traffic matched/accepted on the parent rule will reach and be inspected by the inside layer rules.
The question is about inline layer, not ordered layer!
You're not right. The explanation of the answer is shown in the following pic. You can see that an inline layer is matched and the gateway goes over to the next layer. It goes from an inline layer of "access layer" to the "content layer". So B is right!
https://community.checkpoint.com/legacyfs/online/checkpoint/40533_pastedImage_4.png
Matching an inline layer doesn't mean that the packet will continue matching the next layer. It would have to match a subrule that would have to accept the packet.
Option C seems to be the best for me.
upvoted 4 times
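Added example, not part of the original thread and not Check Point code: a small Python model of the matching order quoted above from the admin guide (parent rule, sub rules, cleanup, then the next ordered layer on accept). Rule numbers 1, 2, 2.1 and 3 follow the guide's example; the match conditions, the CONTENT layer, the sample packets and the assumption that the implicit cleanup drops are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

IMPLICIT = "implicit-cleanup"  # assumption: implicit cleanup action is drop

@dataclass
class Rule:
    number: str
    match: Callable[[dict], bool]
    action: str = "drop"                    # "accept" or "drop"
    inline: Optional[List["Rule"]] = None   # sub rules when this is a parent rule

def eval_layer(rules, pkt):
    """Evaluate one layer top-down; return (verdict, number of the deciding rule)."""
    for r in rules:
        if not r.match(pkt):
            continue                  # not matched (parent or plain): try the next rule
        if r.inline is None:
            return r.action, r.number
        # Parent matched: the inline layer decides; matching never returns to this layer.
        verdict, hit = eval_layer(r.inline, pkt)
        return verdict, (f"{r.number}/{hit}" if hit == IMPLICIT else hit)
    return "drop", IMPLICIT           # no rule matched and no explicit cleanup present

def eval_policy(layers, pkt):
    """Ordered layers: an accept moves on to the next layer, a drop is final."""
    trace = []
    for rules in layers:
        verdict, hit = eval_layer(rules, pkt)
        trace.append(hit)
        if verdict == "drop":
            return "drop", trace
    return "accept", trace

# Constructed policy: Rule 2 is a parent rule whose inline layer has no explicit cleanup.
ACCESS = [
    Rule("1", lambda p: p["dport"] == 22, "accept"),
    Rule("2", lambda p: p["dst"] == "dmz", inline=[
        Rule("2.1", lambda p: p["dport"] == 443, "accept"),
    ]),
    Rule("3", lambda p: p["dport"] == 80, "accept"),
]
CONTENT = [
    Rule("C1", lambda p: p.get("app") == "p2p", "drop"),
    Rule("C2", lambda p: True, "accept"),
]
POLICY = [ACCESS, CONTENT]

if __name__ == "__main__":
    for pkt in ({"dst": "dmz", "dport": 443}, {"dst": "dmz", "dport": 80},
                {"dst": "lan", "dport": 80}, {"dst": "lan", "dport": 25}):
        print(pkt, eval_policy(POLICY, pkt))
```

The second packet matches parent Rule 2 but no sub rule, so it is dropped by the inline layer's implicit cleanup and never reaches Rule 3, even though Rule 3 would have accepted it.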
Community vote distribution: A (35%), C (25%), B (20%), Other