Firewall module bypasing rule

[geofke]

Hi,
I have a Smart center with 500 rules. When I install a rule (number 158) on a remote module, the rule is not working.
When I install the SAME rule in top of the rule base (number 10) then the rule is working ?
any idea

smart center : secureplatform This is Check Point VPN-1(TM) & FireWall-1(R) NGX (R60) HFA_02, Hotfix 602 - Build 015

module : secureplatform This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application Intelligence (R55) HFA_12, Hotfix 309 - Build 007

[kva.kva]

RTFM

"VPN-1*Pro works by inspecting packets in a sequential manner. When VPN-1*Pro receives a packet belonging to a connection, it compares it against the first rule in the Security Rule Base, then the second, then the third, and so on. When it finds a rule that matches, it stops checking and applies that rule. If the packet goes through all the rules without finding a match, then that packet is denied. It is important to understand that the first rule that matches is applied to the packet, not the rule that best matches."

"Rule order is critical. Having the same rules, but placing them in a different order, can radically alter how your firewall works. It is therefore best to place the more specific rules first, the more general rules last. This prevents a general rule being matched before a more specific rule, and protects your firewall from misconfigurations."