Bug with Analyzer

rtarson98
Level 1

So I am working on getting our Firepower for our company set up. So far I've got things set up for the most part. Now I am just getting connectivity over site-to-site and making sure I can access servers and services throughout. I was adding rules for our XDR and MDR to make sure they don't get blocked, and also the streaming service we use to access the desktops. However, when I was adding more rules the analyzer keeps saying that all my rules underneath are "Shadowing", saying that none of the rules are going to be hit because the preceding rule matches. However, I don't see how this is true.

The rule it's matching on is the Geo-Block rule. We as a company have no reason to access or use anything outside North America, so I have it hard blocking any geo locations, seen below:

[Screenshot: Screenshot 2025-01-01 094257.png]

In the Geo-Block-All rule every country is selected but USA and Canada.

The analyzer otherwise says that it matches the preceding rule. But what I notice in Defense Orchestrator is that it shows "any" for the destination network. So I don't know if this is the bug or I am doing something wrong?

[Screenshot: Screenshot 2025-01-01 094446.png]

1 Reply

Marvin Rhoads
Hall of Fame

From what I can see in your screenshots it appears the shadowing rule is actually the #1 Allow-Standard-Outbound. Since it has "any" in the destination networks, Rule #2 and most subsequent rules will be shadowed.

The policy analyzer is pretty new and I have found it can give misleading or downright incorrect results.
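To make the shadowing behaviour described in this thread concrete, here is an added example (not from the thread and not Cisco's analyzer logic) of a simplified shadow check: a rule is flagged when a single earlier rule matches everything it matches, with "any" treated as matching all values. The policy below is constructed to mirror the posted order (a catch-all outbound allow first, then the geo-block, then a specific XDR allow); the country codes and the XDR address are placeholders. Real analyzers also consider unions of several earlier rules, which this check deliberately does not.

```python
from dataclasses import dataclass

# Sentinel for "any": matches every possible value of that field.
ANY = frozenset({"any"})


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "block"
    src_zone: frozenset = ANY
    dst_net: frozenset = ANY    # destination networks
    dst_geo: frozenset = ANY    # destination country codes


def covers(outer: frozenset, inner: frozenset) -> bool:
    """True if every value matched by `inner` is also matched by `outer`."""
    if outer == ANY:
        return True
    return inner != ANY and inner <= outer


def shadowed_by(rule: Rule, earlier: Rule) -> bool:
    """A rule is shadowed when one earlier rule covers all of its match fields."""
    return all(covers(getattr(earlier, f), getattr(rule, f))
               for f in ("src_zone", "dst_net", "dst_geo"))


def find_shadowed(policy: list) -> dict:
    """Map each shadowed rule name to the first earlier rule that fully covers it."""
    result = {}
    for i, rule in enumerate(policy):
        for earlier in policy[:i]:
            if shadowed_by(rule, earlier):
                result[rule.name] = earlier.name
                break
    return result


# Constructed stand-in for "every country except US and Canada".
NON_NA = frozenset({"DE", "FR", "CN", "RU"})

POSTED_ORDER = [
    Rule("Allow-Standard-Outbound", "allow"),            # dst_net any, dst_geo any
    Rule("Geo-Block-All", "block", dst_geo=NON_NA),
    Rule("Allow-XDR", "allow", dst_net=frozenset({"203.0.113.10/32"})),  # placeholder
]

# Specific rules first, the catch-all allow last: nothing is shadowed.
FIXED_ORDER = [POSTED_ORDER[1], POSTED_ORDER[2], POSTED_ORDER[0]]

if __name__ == "__main__":
    print(find_shadowed(POSTED_ORDER))  # both later rules covered by the catch-all allow
    print(find_shadowed(FIXED_ORDER))   # {}
```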
