https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32882#M6871 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thank you for your reply</P><P></P><P>However I'm not trying to have policy applied after a Policy Installation but after a Rule with a Time ressource defined on it. When this rule expire I would like to rematch the existing connection (no policy installation)</P><P></P><P>Regards</P><P></P><P>Nicolas</P></BODY></HTML> Wed, 20 Jun 2018 11:28:56 GMT CP-NDA 2018-06-20T11:28:56Z https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32878#M6867 <HTML><HEAD></HEAD><BODY><P>Dear,</P><P></P><P>We would like to implement a Time Based restricted rule</P><P></P><P>The time limitation is correclty applied for all new connections but for existing traffic there is no rematch of the active connections once rule expires</P><P></P><P>Is there a way to force this?</P><P></P><P>We would like to apply Bandwidth limitation starting at a defined day and hour and release this limitation after a certain time...</P><P></P><P>For now if the connection start before the time restriction the limitation is not applied</P><P></P><P>Thank you</P><P></P><P>Nicolas</P></BODY></HTML> Wed, 20 Jun 2018 09:49:46 GMT https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32878#M6867 CP-NDA 2018-06-20T09:49:46Z https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32879#M6868 <HTML><HEAD></HEAD><BODY><P>Hi Nicolas,</P><P></P><P>Could you check that "Rematch connections" is chosen under SmartDashboard -&gt; gateway object -&gt; Other -&gt; Connection Persistence ? sxl may help without rematch conn config;&nbsp; for the configuration to apply for connections from existing templates, you should run "fwaccel off; fwaccel on".</P></BODY></HTML> Wed, 20 Jun 2018 10:37:55 GMT https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32879#M6868 Huseyin_Rencber 2018-06-20T10:37:55Z https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32880#M6869 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thank you for this update we are in Keep Connection to avoid drops when pushing policies in VPN</P><P></P><P>Is this settings responsible for the non-rematch of the rules?</P><P></P><P>When you ask to set fwaccl off then on do we need to run this manually once the rule has expired?</P><P></P><P>Thank you</P><P></P><P>Best regards</P><P></P><P>Nicolas</P></BODY></HTML> Wed, 20 Jun 2018 10:54:57 GMT https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32880#M6869 CP-NDA 2018-06-20T10:54:57Z https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32881#M6870 <HTML><HEAD></HEAD><BODY><P>You setting (keep connection) will keep connections open until the connections ended. The newly installed policy will be enforced only for the new connection. The second option sxl may help. not sure about that, you can try it</P></BODY></HTML> Wed, 20 Jun 2018 11:25:16 GMT https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32881#M6870 Huseyin_Rencber 2018-06-20T11:25:16Z https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32882#M6871 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thank you for your reply</P><P></P><P>However I'm not trying to have policy applied after a Policy Installation but after a Rule with a Time ressource defined on it. When this rule expire I would like to rematch the existing connection (no policy installation)</P><P></P><P>Regards</P><P></P><P>Nicolas</P></BODY></HTML> Wed, 20 Jun 2018 11:28:56 GMT https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32882#M6871 CP-NDA 2018-06-20T11:28:56Z https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32883#M6872 <HTML><HEAD></HEAD><BODY><P>As Check Point's rulebase is matched only against new connections the only way I see to force this via a simple Bash script that is resetting the existing connection at your specific times.</P></BODY></HTML> Wed, 20 Jun 2018 11:31:56 GMT https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32883#M6872 Danny 2018-06-20T11:31:56Z https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32884#M6873 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Thank you</P><P></P><P>I though there would be a native and better way to handle this</P><P></P><P>As per my debug the way of limiting the bandwidth is quite strange (dropping packets)...</P></BODY></HTML> Wed, 20 Jun 2018 11:36:25 GMT https://community.checkpoint.com/t5/General-Topics/Time-based-rule-rematch-connection/m-p/32884#M6873 CP-NDA 2018-06-20T11:36:25Z