If final Catch All rule in Default egress rule is set to Deny_IP on TrustSec egress Policy Matrix screen, I experienced that not only overlay but also underlay communication will be blocked.
I want to know the setting/config that only overlay communication is rejected by default without affecting underlay communication. Could you pls help me?
THX PHENIIX
When you have "no cts role-based enforcement" on the port config or no CTS configured at all on the port. It should be fine and you would not have any issues !