https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171467#M31084 <P>Try turning off&nbsp;<SPAN>Network Quota and verify if this helps.</SPAN></P> Wed, 15 Feb 2023 06:47:40 GMT Danny 2023-02-15T06:47:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171453#M31082 <P>Hi</P><P>Started migrating vlans from an internal Cisco ASA to a new VSX cluster. I am now getting some intermittent reports of applications or servers not connecting as expected. When I look through the logs, I see lots of drops related to an implied rule. This is hit by different sources and destinations and different ports.&nbsp;</P><P>After following&nbsp;<SPAN>sk110218, I am able to see the implied rule name, which is "Implied Rule - enforce_net_quota". The name of this rul seems to indicate I'm hitting some sort of limit but not sure what. </SPAN></P><P><SPAN>Can anyone tell me what enforce_net_quota refers to please?</SPAN></P><P><SPAN>Many Thanks<BR />Roy</SPAN></P> Tue, 14 Feb 2023 16:54:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171453#M31082 Roy_Smith 2023-02-14T16:54:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171467#M31084 <P>Try turning off&nbsp;<SPAN>Network Quota and verify if this helps.</SPAN></P> Wed, 15 Feb 2023 06:47:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171467#M31084 Danny 2023-02-15T06:47:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171482#M31087 <P>Can you send screencap of it if possible? I checked sk you mentioned, but does not sadly seem too useful here. I also saw what&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/687">@Danny</a>&nbsp;suggested, but cant find that protection even in my R81.20 lab with updated IPS.</P> <P>Searching CP support site, cant find much on it, so might be worth if you do zdebug to verify if you get exact same messages. We might be able to figure out from those drops if there is indeed actual IPS protection causing an issue.</P> <P>Andy</P> Tue, 14 Feb 2023 18:45:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171482#M31087 the_rock 2023-02-14T18:45:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171508#M31097 <P>This is definitely the Network Quota protection, which is inactive by default.<BR />You can do one of two things:</P> <UL> <LI>Disable it by going to&nbsp;<SPAN>Security Policies &gt; Inspection Settings and setting it to Inactive for the relevant profile</SPAN></LI> <LI>Create an exception for the relevant traffic in the protection</LI> </UL> <P>Changing this setting requires pushing the Access Policy (not Threat Prevention) since this is a Core Protection handled by the firewall (not IPS).</P> Tue, 14 Feb 2023 22:01:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171508#M31097 PhoneBoy 2023-02-14T22:01:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171533#M31099 <P>Ah, inspection setting, thats why I could not find it...duh, silly me. Anyway, let us know&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/18838">@Roy_Smith</a>&nbsp;if what phoneboy suggested works.</P> Wed, 15 Feb 2023 01:37:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171533#M31099 the_rock 2023-02-15T01:37:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171642#M31126 <P>Guys</P><P>It was the Network Quota in Inspections Settings that was being referred to. I set it back to inactive and that solved the issue.&nbsp;</P><P>Thanks for the help</P> Thu, 16 Feb 2023 04:51:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/171642#M31126 Roy_Smith 2023-02-16T04:51:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/258440#M50689 <P>Hi PhoneBoy,</P><P>Any reason why the default for this setting is disabled? I've found it as enabled in my environment and was thinking it could be useful to fend off DoS attacks?</P><P>Thank you</P> Mon, 29 Sep 2025 10:23:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/258440#M50689 PointOfChecking 2025-09-29T10:23:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/258508#M50698 <P>Network Quota has a performance impact of Critical, which is why it is disabled by default.<BR />If you're looking to mitigate DoS attacks, you're far better off using fwaccel dos, which is SecureXL friendly.<BR />See:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk112454" target="_blank">https://support.checkpoint.com/results/sk/sk112454</A>&nbsp;<BR /><BR /></P> Tue, 30 Sep 2025 00:17:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/258508#M50698 PhoneBoy 2025-09-30T00:17:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/259126#M50818 <P>Will look into this. Thank you.</P> Mon, 06 Oct 2025 15:06:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/implied-rules-getting-hit-and-dropping-traffic/m-p/259126#M50818 PointOfChecking 2025-10-06T15:06:23Z