Negate Rule Not Working Firewall-1

Let's say you have three DMZ networks on Firewall-1, and you create three network objects corresponding to these three networks:

You then create a group named DMZ-Networks and create a rule that says when the Source is NOT DMZ-Networks (i.e., Negate DMZ-Networks), and the target is the Firewall-1 object, then send an alert. The intent was to find any packet from an external address that targets the firewall.

What I'm finding is that any broadcast from any machine in a DMZ network is triggering the alert. Firewall-1 does not see a broadcast originating from a machine in a DMZ Network as being from that network? How would you modify the rule above so that broadcasts coming from inside the DMZ don't trigger the Negate source condition?

Reply to
Loading thread data ...

When you created the network object, did you specify that the broadcast address was included or excluded in the network definition. The default for NGX is to exclude the broadcast address from the network object.

Reply to
rick Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.