ReasonExplanationExamples
Country (Allow & Deny)If a connection is denied, the country is being blocked per the country policy. If a connection is allowed, the country is being allowed per the country policy and no other policies are set to deny it.There are no policies placed against the United States, so packets flow smoothly. China has been blocked on your policy map, so connections to China will be denied.
Whitelist (Allow)The IP address or domain is allowed per the whitelist policy.A user has manually placed an IP or IP subnet on the whitelist.
Exception (Allow & Deny)If a connection is denied, the IP address is included in an exception list that has been set as a denied list. If a connection is allowed, the IP address is included in an exception list that has been set as an allowed list.A user has created a custom allow list and has placed the IP in question into the list.  They then apply it to one of their resource groups.
IP_Rep (Deny)The IP address is blocked per the Threat Intel policy.The offending IP has been added to the Botnet category and the user has that category active.
Throttle (Deny)Connections are being denied per the set country throttle policy OR bandwidth through the device has exceeded its current license.A throttle policy for connections coming from China has been triggered and now is throttling any traffic from that country.
Blacklist (Deny)The IP address or domain is blocked per the blacklist policy.The offending IP has been placed on one or more active blacklists that is being provided by us or the user.
Flow (Deny)The Bandura TIG has seen a packet that it does not see as a valid part of an established connection.TCP packet that is not a SYN and isn't part of any existing connections.