Adding Service Group in a access-rule
I am facing an issue adding a service group to an access rule while creating a new rule.
I have a rule where I need to add services and service groups.
I get an error that the entry is not unique.
Below is the syntax I am using.
add access-rule layer "standard" name "test" position 10 source "node a" destination "nodeb" destination.1 "nodec" service "ssh" service.1 "shiva_vpn_group" action "accept"
I am not able to find anything in the API doc or the community.
Thanks
Can you show the exact error message you're getting?
Two things that stick out to me, layer would usually be "Network" or "Application" if the policy package is Standard (Default behavior) - You can verify the layer by opening Manage policies and layers and looking at the Layers -> Access Control section
And when adding several objects, I would use service.1 and service.2 instead of service and service.1 (Same for dst)
Hi,
Here is the error I get:
code: "generic_err_object_field_not_unique"
message: "Requested object name [pcANYWHERE] is not unique."
The layer name in the question is a typo; it's a Network layer.
I tried your suggestion of using service.1 and service.2 but it gives me the same error.
I can either add only a service or a service-group in an API call, but not both in one call.
Thanks...
If you search for pcANYWHERE, you will probably find more than one object, maybe a host and a network object by the same name?
If you have objects by the same name, you should first try to rename one of the objects. (It's likely to cause you even more pain down the road otherwise.)
The other option would be to specify the object by uid instead of name.
Hi,
I was not aware that even if we call for a service to be added, it will look at other objects as well for the name.
I do see the same name is used for an app category.
So it looks like I will have to go with UID for this.
Thanks for your help here.
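
The uid approach suggested in the thread, shown as an added Python example (not code from any poster or from Check Point): it resolves each service name to a single UID by looking only at service-type objects, then builds the add-access-rule request body. The object list is a constructed sample shaped like show-objects results (uid, name, type), and the function names and the set of types treated as services are assumptions.

```python
# Added example: pick service objects by UID so a same-named object of
# another type cannot make the add-access-rule call ambiguous.

# Assumed set of object type names to treat as services in a rule.
SERVICE_TYPES = {"service-tcp", "service-udp", "service-group"}

# Constructed sample shaped like show-objects results; the UIDs are made up.
SAMPLE_OBJECTS = [
    {"uid": "00000000-0000-0000-0000-0000000000a1", "name": "ssh", "type": "service-tcp"},
    {"uid": "00000000-0000-0000-0000-0000000000a2", "name": "shiva_vpn_group", "type": "service-group"},
    {"uid": "00000000-0000-0000-0000-0000000000a3", "name": "pcANYWHERE", "type": "service-group"},
    {"uid": "00000000-0000-0000-0000-0000000000a4", "name": "pcANYWHERE", "type": "application-site-category"},
]


def colliding_names(objects):
    """Return {name: sorted types} for every name used by more than one object."""
    seen = {}
    for obj in objects:
        seen.setdefault(obj["name"], []).append(obj["type"])
    return {n: sorted(t) for n, t in seen.items() if len(t) > 1}


def resolve_service_uid(name, objects, allowed_types=SERVICE_TYPES):
    """Map a name to exactly one UID, considering only service-type objects."""
    matches = [o for o in objects if o["name"] == name and o["type"] in allowed_types]
    if len(matches) != 1:
        raise LookupError(f"{name!r}: expected 1 service object, found {len(matches)}")
    return matches[0]["uid"]


def build_rule_payload(layer, name, position, source, destination, services, objects):
    """Build an add-access-rule request body whose service list holds UIDs only."""
    return {
        "layer": layer,
        "name": name,
        "position": position,
        "source": source,
        "destination": destination,
        "service": [resolve_service_uid(s, objects) for s in services],
        "action": "Accept",
    }


if __name__ == "__main__":
    print(colliding_names(SAMPLE_OBJECTS))
    print(build_rule_payload("Network", "test", 10, ["node a"], ["nodeb", "nodec"],
                             ["ssh", "shiva_vpn_group", "pcANYWHERE"], SAMPLE_OBJECTS))
```

Running colliding_names over the full object list before any rule automation shows which names need renaming or UID references.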
