Symptom
When a customer has an implicit Deny and has configured an explicit ACL with Default Allow at the end, the traffic is allowed instead of the correct behaviour, Deny.
Conditions
Implicit ACL ( Deny ) + Explicit ACL ( Default Allow ) --> Allow
Workaround
Do not let the flow match the default allow condition.
Further Problem Description
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/vedge-20-x/policies-book/localized-policy.html
Ref - Table 1.
Expected behaviour:
Implicit ACL ( Deny ) + Explicit ACL ( Default Allow ) --> Deny
However, due to a bug, the behaviour has changed, on vEdge only, to:
Implicit ACL ( Deny ) + Explicit ACL ( Default Allow ) --> Allow
This needs to change to follow the documentation and to match cEdge behaviour.