Project

General

Profile

Actions

Support #3251

closed

Bypass question

Added by Dan Collins about 5 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Low
Affected Versions:
Label:

Description

When using bypass in an alert rule, do the default action-order rules still apply where pass and drop are done before the alert bypass is done? or does bypass override other actions. I could not find an answer to this in any documentation.

Should I change the action-order so alerts come before drop. I only use my one custom rule where drop drops anything not passed in a pass or bypass rule.
What I am seeing now is the bypass rule and the drop rule in the log for the same packet.

Actions

Also available in: Atom PDF