https://community.checkpoint.com/t5/SASE-and-Remote-Access/Legacy-MAB-Policy-Enforcement-Order/m-p/209777#M3924 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/85630">@JH_Ranger</a>&nbsp;you should don't mix rules for MAB in the unified policy or legacy policy, use only one of them.</P> <P><SPAN>Is it necessary to replicate all rules from the Legacy MAB into the Access policy as well? Yes it is, move all rules from legacy to unified.</SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="2024-03-27 06_57_09.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/25038i7D1F2B1FB9996D08/image-size/medium?v=v2&amp;px=400" role="button" title="2024-03-27 06_57_09.png" alt="2024-03-27 06_57_09.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>The behavior how it works with unified policy can be found in the documentation&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_MobileAccess_AdminGuide/Content/Topics-MABG/Mobile-Access-and-Unified-Access-Policy.htm?TocPath=Mobile%20Access%20Authorization%20and%20Access%20Control%7CMobile%20Access%20and%20the%20Unified%20Access%20Policy%7C_____0#Mobile_Access_and_the_Unified_Access_Policy" target="_blank" rel="noopener">Mobile Access and the Unified Access Policy (checkpoint.com)</A></P> <P>&nbsp;</P> Wed, 27 Mar 2024 06:03:04 GMT Wolfgang 2024-03-27T06:03:04Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Legacy-MAB-Policy-Enforcement-Order/m-p/209770#M3923 <P>Hi CheckMates,</P><P>I am curious about the policy enforcement order of the Legacy MAB policy. I understand that with the Unified Policy, it's possible to create Inline/Ordered layers and implement the MAB into that. But when is the Legacy MAB policy enforced? Before or after the Access rules?</P><P>I noticed that some MAB rules (in the SmartDashboard) allow a SNX user to a certain resource, but since there isn't a corresponding rule in the Access Rulebase (FW Blade) the traffic is dropped. The logs show a similar story, an "Accept" of the packet hitting the MAB blade, immediately followed by a default drop by the FW blade.</P><P>Is it necessary to replicate all rules from the Legacy MAB into the Access policy as well?</P><P>Thanks,</P><P>R81.10 Take130.</P> Wed, 27 Mar 2024 03:47:31 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Legacy-MAB-Policy-Enforcement-Order/m-p/209770#M3923 JH_Ranger 2024-03-27T03:47:31Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Legacy-MAB-Policy-Enforcement-Order/m-p/209777#M3924 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/85630">@JH_Ranger</a>&nbsp;you should don't mix rules for MAB in the unified policy or legacy policy, use only one of them.</P> <P><SPAN>Is it necessary to replicate all rules from the Legacy MAB into the Access policy as well? Yes it is, move all rules from legacy to unified.</SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="2024-03-27 06_57_09.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/25038i7D1F2B1FB9996D08/image-size/medium?v=v2&amp;px=400" role="button" title="2024-03-27 06_57_09.png" alt="2024-03-27 06_57_09.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>The behavior how it works with unified policy can be found in the documentation&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_MobileAccess_AdminGuide/Content/Topics-MABG/Mobile-Access-and-Unified-Access-Policy.htm?TocPath=Mobile%20Access%20Authorization%20and%20Access%20Control%7CMobile%20Access%20and%20the%20Unified%20Access%20Policy%7C_____0#Mobile_Access_and_the_Unified_Access_Policy" target="_blank" rel="noopener">Mobile Access and the Unified Access Policy (checkpoint.com)</A></P> <P>&nbsp;</P> Wed, 27 Mar 2024 06:03:04 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Legacy-MAB-Policy-Enforcement-Order/m-p/209777#M3924 Wolfgang 2024-03-27T06:03:04Z