Hello,
I recently started enforcing policies with Cisco Secure Workloads. When I check Policy Analysis, I see Policy Categories of "permitted:rejected" or "rejected:permitted". It seems that the analysis reads it as traffic is allowed or rejected one way but in the other direction, it's the opposite. The firewalls or Windows Filtering Platform are stateful so I don't see how this could be the case. I'm not sure what these mean.
Also, does the Analysis look at TCP sequence when determining rejected, permitted or escaped? Or does it purely look at the policies?
Thanks