https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35110#M88117 <HTML><HEAD></HEAD><BODY><P>Hi Vijay,</P><P></P><P>I understand your rule ordering. However your problem is that your traffic isn't matching your new rule.&nbsp;</P><P></P><P>To help you diagnose this we need to see log entries to see what is happening in the environment.&nbsp;</P><P></P><P>Please post further information so that we can help you.&nbsp;</P><P></P><P>Regards</P><P>Mark</P></BODY></HTML> Fri, 22 Feb 2019 20:56:51 GMT Mark_Mitchell 2019-02-22T20:56:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35106#M88113 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P>Am working on rule base cleanup and after i cleaned up few rules i see some hits in my old rules for any service..below is the example . We have R77.30 Mgmt server.</P><P>we have created the new rules on top of old rule, now when I checked the usage of old rules only for service I still see the usage in the old rules for the same ports which is allowed on new rules. Please let me&nbsp; know if this is fine to disable the old rules?</P><P>&nbsp;</P><P>For example : Rule 101 (Old) ANY Service</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Rule 102 (New) FTP, HTTP</P><P>But still seeing hits in old rules for same services.</P><P></P><P>Vijay</P></BODY></HTML> Fri, 22 Feb 2019 16:26:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35106#M88113 Vijay_Nagaraj 2019-02-22T16:26:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35107#M88114 <HTML><HEAD></HEAD><BODY><P>HI the rule order is New rule with limited service on top and same source and destination with ANY service in bottom.</P><P></P><P>Vijay</P></BODY></HTML> Fri, 22 Feb 2019 16:33:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35107#M88114 Vijay_Nagaraj 2019-02-22T16:33:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35108#M88115 <HTML><HEAD></HEAD><BODY><P>Hi Vijay,&nbsp;</P><P></P><P>If your more specific rule is placed above the less specific one, then the more specific rule should be being hit. Can you share more details around the rules please? And also the log entries if possible?</P><P></P><P>If your "new" rule is not being hit right now then disabling the old rule will more than likely result in a loss of service.&nbsp;</P><P></P><P>Regards</P><P>Mark</P></BODY></HTML> Fri, 22 Feb 2019 19:28:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35108#M88115 Mark_Mitchell 2019-02-22T19:28:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35109#M88116 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>My new rule with limited services like HTTP, STP is in top&nbsp;</P><P>My old rule with ANY services is bottom of this rule. Both has the same source and destination but the service differs.</P><P></P><P>VIjay</P></BODY></HTML> Fri, 22 Feb 2019 20:50:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35109#M88116 Vijay_Nagaraj 2019-02-22T20:50:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35110#M88117 <HTML><HEAD></HEAD><BODY><P>Hi Vijay,</P><P></P><P>I understand your rule ordering. However your problem is that your traffic isn't matching your new rule.&nbsp;</P><P></P><P>To help you diagnose this we need to see log entries to see what is happening in the environment.&nbsp;</P><P></P><P>Please post further information so that we can help you.&nbsp;</P><P></P><P>Regards</P><P>Mark</P></BODY></HTML> Fri, 22 Feb 2019 20:56:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35110#M88117 Mark_Mitchell 2019-02-22T20:56:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35111#M88118 <HTML><HEAD></HEAD><BODY><P>Did you push the policy on affected firewall ?</P></BODY></HTML> Sat, 23 Feb 2019 08:10:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35111#M88118 JozkoMrkvicka 2019-02-23T08:10:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35112#M88119 <HTML><HEAD></HEAD><BODY><P>Yes,,,</P></BODY></HTML> Sat, 23 Feb 2019 13:30:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policy-Related-Question/m-p/35112#M88119 Vijay_Nagaraj 2019-02-23T13:30:21Z