SonicOS/X 7 About SonicOS and SonicOSX
- About SonicOS and SonicOSX 7
- Firewall Management Methods
- About the SonicOS/X Management Interface
- What's New in SonicOS/X 7.0.1
- Features in Both SonicOS and SonicOSX
- Features Specific to SonicOSX
- Features Specific to TZ, NSa and NSsp 13700
- Features Specific to NSv
- Features Specific to NSsp 15700
- SonicWall Support
About the Shadow Feature
The POLICY | Rules and Policies > Shadow page shows which rules are being shadowed by other rules and which rules are shadowing other rules. Select the Policy Type at the top to view shadowing for each type of policy.
Each rule in the RULE NAME column might have a rule in the SHADOWED BY column and the SHADOWING column. The rule in the SHADOWING column might not be hit because the rule in the RULE NAME column will match the traffic first. The rules under SHADOWED BY will be hit before the rules in the RULE NAME column, possibly preventing the RULE NAME column rule from being hit.
Rules can be partially shadowed. In this case they will be hit if they match traffic characteristics that the other rule is not matching on.
For example, say A+B is being matched in rule #2 which is shadowed by rule #1, where rule #1 matches A. If traffic matches A, rule #1 will hit. If traffic matches B, rule #2 will hit.
Another example involves two subnets. Rule #1 blocks traffic matching the 10.0.0/24 subnet. Rule #2 allows traffic matching the 10.0/16 subnet.
Rule #1 shadows Rule #2. This is a partial shadow.
You can click on any rule to view details:
Was This Article Helpful?
Help us to improve our support portal