What should be created if a Bypass action is used on incoming traffic in a firewall rule?

When a Bypass action is applied to incoming traffic in a firewall rule, it's important to create an additional outgoing rule for matching responses. This is necessary because when incoming traffic is bypassed, it may not undergo the usual security measures that would be applied to it. As a result, any responses generated in relation to that traffic must also be accounted for.

By defining an outgoing rule that matches the bypassed incoming traffic, you ensure that responses to this traffic are monitored and controlled similarly to how regular incoming traffic would be handled. This helps maintain security by allowing the responses to specific bypassed requests to be scrutinized, reducing the risk of malicious activities.

Creating an incoming rule for traffic monitoring may seem useful, but it does not address the necessity of controlling outgoing traffic in response to bypassed incoming rules. A deny rule for unsolicited traffic is focused on blocking unwanted attempts rather than handling established communication that has been bypassed. In situations where bypass occurs, leaving no additional rules would result in potentially unmonitored or uncontrolled traffic responses. Therefore, establishing an outgoing rule is vital for comprehensive traffic management and security.