Issue

When Chamber Security Control is enabled (Detection or Prevention mode), and Access Policy Security Control is disabled, a Learned Rule modification may adversely affect the Effective Rules Table (ERT). This may result in unexpected behavior and inadvertently block some traffic subject to the specified Access Policies.

Learned Rule modification includes applying Learned Rules (LRT) to Application Chamber policies (CRT), or moving rules between Applied Learned Rules and Learned Rules Pending Review (Skipped).

Workaround

To restore the correct effective rules after a Learned Rule modification described above, perform any one of the following steps:

1. In Onboarding Flow Management, go to Access Policies page, open and save an existing policy. No need to make any changes.

2. In Advanced Management, go to Profile Provisioning page, open and save the existing app profile. No need to make any changes.

3. Other configuration changes that also trigger the policy recalculation:

   1. Add or Remove server to/from given Application

   2. Change Chamber Security Control Level for given Application

   3. Change Access Policy Security Control Level for given Application