https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193007#M4300 <P>I am sorry, the version is R81.10&nbsp;</P> Tue, 19 Sep 2023 04:07:58 GMT Nidhi01 2023-09-19T04:07:58Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192889#M80 <P><FONT face="book antiqua,palatino">I have configured the checkpoint firewall in Azure. I have used Checkpoint Security Manager and Cloud Guard single gateway plan for this environment.</FONT></P><P><FONT face="book antiqua,palatino">The environment is like this - I have created one Virtual network and there are two subnets in the Vnet. I have deployed Server Manager in the Subnet 1 and Cloud guard single gateway where its first NIC is connected to Subnet 1 and the second NIC is connected to Subnet 2. I have deployed two Azure Virtual machines in the same network only but in different Subnets like VM01 in Subnet 1 and VM02 in Subnet 2. Now I wanted to block RDP service from VM01 to Vm02 as by default they can communicate with each other. However, the rule I created in the Checkpoint Server Manager does not block the RDP from the source to the destination. what could be the possible reason behind this? why is my rule not hitting the source and destination?</FONT></P><P><FONT face="book antiqua,palatino"><SPAN>I am expecting that I can block RDP for VM01 and VM02 through the rules I created in checkpoint smart Console.</SPAN></FONT></P> Mon, 18 Sep 2023 10:25:03 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192889#M80 Nidhi01 2023-09-18T10:25:03Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192944#M81 <P>What version?<BR />Did you deploy from one of our templates or manually?<BR />What shows in the logs when VM01 attempts to access VM02?<BR />Have you confirmed the traffic is actually traversing the gateway (via tcpdump or similar)?</P> Mon, 18 Sep 2023 15:15:58 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192944#M81 PhoneBoy 2023-09-18T15:15:58Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192946#M82 <P>I am using R80.10 version,</P><P>I have deployed the security manager and gateway from the Azure portal.</P><P>I am not sure how to confirm that the traffic is traversing through the gateway or not. Can you please let me know how can I check that and how to fix it?</P> Mon, 18 Sep 2023 15:21:20 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192946#M82 Nidhi01 2023-09-18T15:21:20Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192949#M83 <P>Can you send screenshot of the rule thats not working (please blur out any sensitive info)?</P> <P>Also, as&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;mentioned, its important to verify that traffic is indeed traversing the firewall, otherwise, if not, its totally logical why rule would never get hit.</P> <P>Makes sense?</P> <P>Andy</P> Mon, 18 Sep 2023 15:37:23 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192949#M83 the_rock 2023-09-18T15:37:23Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192968#M84 <P>Please check the version again as R80.10 is End of Support.<BR />Easiest way I know to check: with tcpdump on the gateway itself.<BR />If the gateway isn't seeing the traffic, it can't enforce any sort of policy on it.</P> Mon, 18 Sep 2023 18:03:27 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192968#M84 PhoneBoy 2023-09-18T18:03:27Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192975#M85 <P>Very easy...anyway, R80.10 is totally unsupported, but regardless of version, command is the same. Say interface is eth2 and IP is 10.10.10.10</P> <P>you can run below:</P> <P>tcpdump -enni any host 10.10.10.10</P> <P>or/and</P> <P>fw monitor -e "accept host(10.10.10.10);"</P> <P>Andy</P> Mon, 18 Sep 2023 18:33:42 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/192975#M85 the_rock 2023-09-18T18:33:42Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193006#M4299 <P>Thanks Andy,</P><P>I have attached a screenshot of the rules I created.&nbsp;</P><P>&nbsp;</P> Tue, 19 Sep 2023 04:06:00 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193006#M4299 Nidhi01 2023-09-19T04:06:00Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193007#M4300 <P>I am sorry, the version is R81.10&nbsp;</P> Tue, 19 Sep 2023 04:07:58 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193007#M4300 Nidhi01 2023-09-19T04:07:58Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193045#M4303 <P>The rule works 100%, you can clearly see that from your screenshot. There are even logs showing that at the bottom.</P> <P>Andy</P> Tue, 19 Sep 2023 10:19:42 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193045#M4303 the_rock 2023-09-19T10:19:42Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193046#M4304 <P>Yeah it's generating logs but the main purpose to create a rule is to block the RDP of the virtual machines but I am able to take RDP of the VM01 and VM02. its not blocking.</P> Tue, 19 Sep 2023 10:22:10 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193046#M4304 Nidhi01 2023-09-19T10:22:10Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193051#M4306 <P>I would suggest you involve TAC to resolve this issue !</P> Tue, 19 Sep 2023 11:36:06 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193051#M4306 G_W_Albrecht 2023-09-19T11:36:06Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193061#M4307 <P>RDP from where exactly? Remember what both&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;and myself mentioned in previous responses, run captures to make sure that traffic even hits the firewall, because if not, it will never work.</P> <P>Andy</P> Tue, 19 Sep 2023 12:37:48 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193061#M4307 the_rock 2023-09-19T12:37:48Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193375#M4316 <P>Check your Azure VMs. &nbsp;The VMs are deployed automatically with a public IP address attached to their NICs. &nbsp;This IP is directly reachable to the Internet, not via your VNET. &nbsp;The VM also has a local IP on the subnet, but that's a private IP. &nbsp;Are you trying to reach your VM via the Azure public DNS name of "vm01-asdfadsf.&lt;region&gt;.cloudapp.azure.com" ? &nbsp;If so, then you're reaching the VM's direct-attached public IP; which will not pass through your CloudGuard firewall.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 22 Sep 2023 16:27:56 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193375#M4316 Duane_Toler 2023-09-22T16:27:56Z https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193383#M4317 <P>Good point, I totally missed the config was in Azure.</P> <P>&nbsp;</P> <P>Andy</P> Fri, 22 Sep 2023 19:10:05 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Rules-I-created-is-not-working/m-p/193383#M4317 the_rock 2023-09-22T19:10:05Z