https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Dynamic-objects-from-ACI-not-working/m-p/258473#M3654 <P dir="ltr">Are the drops seen in debugs definitely for active machines?</P> <P dir="ltr"><SPAN>Anything of interest in: cloud_proxy.elg</SPAN></P> <P dir="ltr"><SPAN>What do you see with "pep show user query cid a.b.c.d"</SPAN></P> <P dir="ltr">&nbsp;</P> Mon, 29 Sep 2025 14:56:05 GMT Chris_Atkinson 2025-09-29T14:56:05Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Dynamic-objects-from-ACI-not-working/m-p/258445#M3648 <P><SPAN>Hello Community,</SPAN></P><P><SPAN>we have an issue with dynamic objects imported from ACI and used in Access Control policy.</SPAN></P><P><SPAN>When we use static network objects, the traffic works fine. But when we replace it with dyn obj (imported form ACI) for the same subnet, the traffic does not match the rule and gets dropped by cleanup.</SPAN></P><P><SPAN>Environment:</SPAN></P><UL><LI><SPAN>Check Point is synced with Identity Awareness on the gateway</SPAN></LI><LI><SPAN>Check Point does not show any error in logs regarding the dynamic object</SPAN></LI><LI><SPAN>In SmartConsole, the dynamic object shows the correct hosts inside</SPAN></LI><LI><SPAN>with fw ctl zdebug + drop, we see traffic dropped by cleanup rule when the dynamic object is used as destination.</SPAN></LI></UL><P><SPAN>Tech Specs:</SPAN></P><UL class="lia-list-style-type-square"><LI><SPAN>Hyperscale Maestro Solution 9700 running VS</SPAN></LI><LI>Product version Check Point Gaia R81.20</LI><LI>HOTFIX_R81_20_JUMBO_HF_MAIN Take: 113</LI></UL><P>Is this known limitation or bug when using ACI dyn objects?</P><P>Are there any recommendations for debugging this further, or a known fix/workaround other then replacing with a static subnet?</P><P>Thanks in advance!</P><P>K.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 29 Sep 2025 11:21:50 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Dynamic-objects-from-ACI-not-working/m-p/258445#M3648 katarina_ 2025-09-29T11:21:50Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Dynamic-objects-from-ACI-not-working/m-p/258473#M3654 <P dir="ltr">Are the drops seen in debugs definitely for active machines?</P> <P dir="ltr"><SPAN>Anything of interest in: cloud_proxy.elg</SPAN></P> <P dir="ltr"><SPAN>What do you see with "pep show user query cid a.b.c.d"</SPAN></P> <P dir="ltr">&nbsp;</P> Mon, 29 Sep 2025 14:56:05 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/Dynamic-objects-from-ACI-not-working/m-p/258473#M3654 Chris_Atkinson 2025-09-29T14:56:05Z