Merge pull request #281829 from vhorne/fw-rule-processing

prmerger-automator[bot] · web-flow · commit 61f50463ca73 · 2024-07-25T14:40:35.000Z
add rule processing summary
diff --git a/articles/firewall/rule-processing.md b/articles/firewall/rule-processing.md
@@ -24,11 +24,22 @@ With Firewall Policy, rules are organized inside Rule Collections and Rule Colle
 
 Rules are processed based on Rule Collection Group Priority and Rule Collection priority. Priority is any number between 100 (highest priority) to 65,000 (lowest priority). Highest priority Rule Collection Groups are processed first. Inside a rule collection group, Rule Collections with highest priority (lowest number) are processed first.  
 
-If a Firewall Policy is inherited from a parent policy, Rule Collection Groups in the parent policy always takes precedence regardless of the priority of a child policy.  
+If a Firewall Policy is inherited from a parent policy, Rule Collection Groups in the parent policy always takes precedence regardless of the priority of a child policy.
+
+
 
 > [!NOTE]
 > Application rules are always processed after Network rules, which are processed after DNAT rules regardless of Rule collection group or Rule collection priority and policy inheritance.
 
+So, to summarize:
+
+Parent policy always takes precedence.
+
+1. Rule collection groups are processed in priority order.
+1. Rule collections are processed in priority order.
+1. DNAT rules, then Network rules, then Application rules are processed.
+
+
 Here's an example policy:
 
 Assuming BaseRCG1 is a rule collection group priority (200) that contains the rule collections: DNATRC1, DNATRC3,NetworkRC1.\
