|Country (Allow & Deny)
||If a connection is denied, the country is being blocked per the country policy. If a connection is allowed, the country is being allowed per the country policy and no other policies are set to deny it.
||There are no policies placed against the United States, so packets flow smoothly. China has been blocked on your policy map, so connections to China will be denied.
||The IP address or domain is allowed per the whitelist policy.
||A user has manually placed an IP or IP subnet on the whitelist.
|Exception (Allow & Deny)
||If a connection is denied, the IP address is included in an exception list that has been set as a denied list. If a connection is allowed, the IP address is included in an exception list that has been set as an allowed list.
||A user has created a custom allow lost and has placed the IP in question into the list. They then apply it to one of their resource groups.
||The IP address is blocked per the Threat Intel policy.
||The offending IP has been added to the Botnet category and the user has that category active.
||Connections are being denied per the set country throttle policy OR bandwidth through the device has exceeded its current license.
||A throttle policy for connections coming from China has been triggered and now is throttling any traffic from that country.
||The IP address or domain is blocked per the blacklist policy.
||The offending IP has been placed on one or more active blacklists that is being provided by us or the user.
||The Bandura TIG has seen a packet that is does not see as a valid part of an established connection.
||TCP packet that is not a SYN and isn’t part of any existing connections.