https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-rule-matching/m-p/14242#M91188 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Please verify your topology configuration. If it is configured correctly please open a support ticket.</P><P></P><P>Thanks,</P><P>Tal</P></BODY></HTML> Thu, 08 Nov 2018 14:33:43 GMT Tal_Ben_Avraham 2018-11-08T14:33:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-rule-matching/m-p/14240#M91186 <HTML><HEAD></HEAD><BODY><P>I was a bit surprised by the rule matching logic in R80(.20).</P><P></P><P>I have a parent rule for Internal to DMZ traffic:</P><P><IMG alt="" class="image-1 jive-image j-img-original" src="/legacyfs/online/checkpoint/73453_2018-11-01 14_35_51-SmartConsole (fwmgmt.networkschool.org).png" /></P><P>And a parent rule for Internal to Internal traffic:</P><P><IMG alt="" class="image-2 jive-image j-img-original" src="/legacyfs/online/checkpoint/73454_2018-11-01 14_37_14-SmartConsole (fwmgmt.networkschool.org).png" /></P><P>In the Internal to Internal policy&nbsp;I have a&nbsp;rule for my Active Directory traffic:</P><P><IMG alt="" class="image-4 jive-image j-img-original" src="/legacyfs/online/checkpoint/73457_2018-11-08 13_34_15-SmartConsole (fwmgmt.networkschool.org).png" /></P><P>But as I missed a protocol in this bunch the traffic was dropped. But not on the rule I expected it to be dropped on:</P><P><IMG alt="" class="image-3 jive-image j-img-original" src="/legacyfs/online/checkpoint/73455_2018-11-01 14_36_46-Log Details.png" /></P><P></P><P>So why would it drop on the wrong rule here?</P><P>There seems to be an inconsistence in the logging as it goes from Internal to Internal on the left hand but on the right hand it declares it from Internal to DMZ.</P><P><IMG alt="" class="image-5 jive-image j-img-original" src="/legacyfs/online/checkpoint/73458_2018-11-08 13_40_00-Interface_ eth0.101.png" /><IMG alt="" class="image-6 jive-image j-img-original" src="/legacyfs/online/checkpoint/73459_2018-11-08 13_40_45-Interface_ eth0.105.png" /></P><P></P><P>Can anyone explain why this inconsistence behaviour occurs?</P></BODY></HTML> Thu, 08 Nov 2018 12:44:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-rule-matching/m-p/14240#M91186 Hugo_vd_Kooij 2018-11-08T12:44:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-rule-matching/m-p/14241#M91187 <HTML><HEAD></HEAD><BODY><P>Hugo,</P><P>The only thing that comes to mind is if your DMZs IPv6 scope is including the destination, but there is likely a mechanism that should prevent it from happening.</P></BODY></HTML> Thu, 08 Nov 2018 13:12:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-rule-matching/m-p/14241#M91187 Vladimir 2018-11-08T13:12:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-rule-matching/m-p/14242#M91188 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Please verify your topology configuration. If it is configured correctly please open a support ticket.</P><P></P><P>Thanks,</P><P>Tal</P></BODY></HTML> Thu, 08 Nov 2018 14:33:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-rule-matching/m-p/14242#M91188 Tal_Ben_Avraham 2018-11-08T14:33:43Z