topic Re: CME configurating same rule name for all policy push in Cloud Firewall

CME configurating same rule name for all policy push

deepaknegi12 — Sat, 24 Feb 2024 15:43:09 GMT

Hi,

Would appreciate any help possible here. I recently deployed the following 81.20 setup (1 Management server + ASG (2 security GW)) on AWS cloud. The setup is utilizing CME and auto creating the access rules using checkpoint tags. The access rule that is generated follows the format "auto-generated by CME - allow traffic to auto scaling group." and it does that for all the rules even with different application ports. So, if there is an existing autogenerated rule for port 9990, the CME does not create new rule for 8900, but instead overrides the existing rule with the same name. I don't understand how to overcome this and create a separate rule name for each application/port.

CME tags in use are the:

1) on ASG, Security Gateway: management, template, ip-address

2) on load balancers: x-chkp-forwarding, x-chkp-management, x-chkp-template

Is there a modification required in the templates and where? Thanks in advance.

Regards,

Re: CME configurating same rule name for all policy push

nimrodgab — Wed, 27 Mar 2024 14:46:35 GMT

Hi @deepaknegi12

Do you mean that instead of adding the port 8900 to the same rule (that contains the port 9990) it overrides the 9990 port?

Can you share your internal load balancer listeners details (protocol:port), your external target groups details (protocol:port) and the value of the tag "x-chkp-forwarding"?

Thanks

Re: CME configurating same rule name for all policy push

the_rock — Wed, 27 Mar 2024 15:02:45 GMT

I usually do this in Azure, only once in AWS, but never had such a problem. Lets see if @nimrodgab can help.

Andy