https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130710#M19201 <P>Hello Community</P><P>Is any other way to filter out a network from pdp instead of idc configuration?</P><P>BR,</P><P>Kostas</P> Thu, 30 Sep 2021 14:32:03 GMT KostasGR 2021-09-30T14:32:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130710#M19201 <P>Hello Community</P><P>Is any other way to filter out a network from pdp instead of idc configuration?</P><P>BR,</P><P>Kostas</P> Thu, 30 Sep 2021 14:32:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130710#M19201 KostasGR 2021-09-30T14:32:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130840#M19242 <P>You mean on the gateways themselves?<BR />I don't believe so.<BR />Can you explain why this is relevant in your situation?</P> Fri, 01 Oct 2021 18:14:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130840#M19242 PhoneBoy 2021-10-01T18:14:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130903#M19258 <P>Hello PhoneBoy</P><P>I mean the Identity awareness gateways themselves.</P><P>After updating the IDCs to latest version it seems that filter out doesn't work as expected.</P><P>Is it a known issue?</P><P>BR,</P><P>Kostas</P> Mon, 04 Oct 2021 08:08:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130903#M19258 KostasGR 2021-10-04T08:08:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130977#M19272 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>&nbsp;what say you?</P> Tue, 05 Oct 2021 00:24:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/130977#M19272 PhoneBoy 2021-10-05T00:24:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/131009#M19277 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/54611">@KostasGR</a>,</P> <P>To answer your initial question:</P> <P>In Identity Broker, there is a way to filter by network.</P> <P>However, I'm more concerned about your statement <EM>"After updating the IDCs to latest version it seems that filter out doesn't work as expected."</EM></P> <P>I'm not aware of such issue - can you open ticket with TAC and share IDC service debugs (sk122686)?</P> Tue, 05 Oct 2021 10:29:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/131009#M19277 Royi_Priov 2021-10-05T10:29:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/131013#M19279 <P>Hello&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>&nbsp;</P><P>We are not using identity broker. We solved our issue by importing again the exclusions on IDC.</P><P>The upgrade procedure we followed is the below. You can replicate easily on your lab.</P><P>1)Export configuration of&nbsp;IDC</P><P>2)Uninstall old&nbsp;version of&nbsp;IDC</P><P>3)Reboot the windows server</P><P>4)Install the&nbsp;latest version of&nbsp;IDC</P><P>5)Import config of&nbsp;IDC</P><P>6)Establish connectivity with PDP</P><P>7)Check IDC status/logs/filters</P><P>8)Check PDP status</P><P>9)Check the registry value for monitor functionality that is present</P><P><STRONG>10)import again the user exception filter</STRONG></P><P>&nbsp;</P><P>It seems that step 10 is also needed for exception filters to work as expected. Even though we could see them on IDC&nbsp; configuration the exclusions for service accounts weren't working..</P><P>&nbsp;</P><P>BR,</P><P>Kostas</P> Tue, 05 Oct 2021 10:48:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/131013#M19279 KostasGR 2021-10-05T10:48:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/131014#M19280 <P>Thanks for the fast reply. I will certainly test it.</P> <P>A question - in step 7, have you noticed if the relevant filters were exist on the IDC configuration?&nbsp;</P> <P>By the way, there is an easier way to update IDC in my opinion:</P> <OL> <LI> <P>Export configuration of&nbsp;IDC - same</P> </LI> <LI><SPAN>Install the&nbsp;latest version of&nbsp;IDC on top of the old one - same as step 4 on your procedure</SPAN></LI> </OL> <P><SPAN>after that, no other steps are needed (no need to import the config / re-establish PDP communication).</SPAN></P> Tue, 05 Oct 2021 10:55:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/131014#M19280 Royi_Priov 2021-10-05T10:55:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/131016#M19281 <P>Hello&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>&nbsp;</P><P>In step 7 the filters were present.</P><P>In the next IDC upgrade i will follow your procedure <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Thank you</P><P>Kostas</P><P>&nbsp;</P> Tue, 05 Oct 2021 10:58:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Another-way-to-filter-out-a-network-from-pdp-instead-of-idc/m-p/131016#M19281 KostasGR 2021-10-05T10:58:53Z