What happens if a Security policy contains two rules that would match a proposed new session?

Prepare for the Palo Alto Networks Certified Network Security Administrator Exam with flashcards and multiple choice questions. Each question includes hints and explanations to boost your confidence and readiness!

In Palo Alto Networks firewalls, the mechanism for evaluating security policies is based on the order of the rules in the security policy list. When a new session is initiated, the firewall processes each rule sequentially from top to bottom. The first rule that matches the criteria for the session will be applied, and no further rules will be checked after that.

This behavior is crucial for maintaining predictable and manageable security policies, as it allows administrators to prioritize rules based on their specific needs. Since the firewall stops evaluating rules once it finds the first applicable one, only the actions associated with that match will take effect for that session.

In this context, if two rules could match a new session, the first one encountered in the list dictates the policy applied to that session. Rule order is therefore how administrators make specific, prioritized rules take effect.
