https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115140#M76265 <P>Hello</P><P>&nbsp;</P><P>Can policy verification at r80.40&nbsp; work between a rule that has as source access role with specific network 192.168.1.0/24 and any user for example and a rule that has as source IP the network 192.168.1.0/24?</P><P>&nbsp;</P><P>BR,</P><P>Kostas</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 02 Apr 2021 09:53:17 GMT KostasGR 2021-04-02T09:53:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115140#M76265 <P>Hello</P><P>&nbsp;</P><P>Can policy verification at r80.40&nbsp; work between a rule that has as source access role with specific network 192.168.1.0/24 and any user for example and a rule that has as source IP the network 192.168.1.0/24?</P><P>&nbsp;</P><P>BR,</P><P>Kostas</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 02 Apr 2021 09:53:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115140#M76265 KostasGR 2021-04-02T09:53:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115170#M76266 <P>Rules are only marked as hiding when they have the same source/destination/service.<BR />In R80.40, if such rules have the same action, they’re not flagged at all.<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk161574&amp;partition=Advanced&amp;product=Quantum" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk161574&amp;partition=Advanced&amp;product=Quantum</A></P> <P>For your specific question: I don’t know what the intended behavior is.</P> Sat, 03 Apr 2021 16:27:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115170#M76266 PhoneBoy 2021-04-03T16:27:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115184#M76267 <P>Can you send specific example (screenshot)? I believe this behavior never changed with Check Point since days of R55 or even before. If specific rule higher in the rulebase hides one below, then verification will most likely fail. Its a bit different now with layered rules, but principle is still the same.</P> Sun, 04 Apr 2021 01:48:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115184#M76267 the_rock 2021-04-04T01:48:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115227#M76268 <P>R55 did not have Access Role objects (that only came in at R75).<BR />That said, the basic rulebase verification logic is the same as it's been since well before that.<BR />Between the rulebase layers and the different rulebase matching process in R80+, I'm not sure how relevant the policy verification step is.</P> Mon, 05 Apr 2021 01:11:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115227#M76268 PhoneBoy 2021-04-05T01:11:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115346#M76269 <P>Hello&nbsp;</P><P>I am attaching the screenshots.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="policy.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11281iCEF3F64F7E1FA585/image-size/medium?v=v2&amp;px=400" role="button" title="policy.png" alt="policy.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="access role.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11282iA9B88DB580833B56/image-size/medium?v=v2&amp;px=400" role="button" title="access role.png" alt="access role.png" /></span></P><P> The verification result is pass.</P><P>BR,</P><P>Kostas</P> Tue, 06 Apr 2021 06:17:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-verification-between-a-rule-that-has-as-source-access/m-p/115346#M76269 KostasGR 2021-04-06T06:17:33Z