I am facing an issue adding a service group to an access rule while creating a new rule.
I have a rule where I need to add services and service groups.
I get an error that the entry is not unique.
Below is the syntax I am using.
add access-rule layer "standard" name "test" position 10 source "node a" destination "nodeb" destination.1 "nodec" service "ssh" service.1 "shiva_vpn_group" action "accept"
I am not able to find anything in the API doc or the community.
Thanks
Can you show the exact error message you're getting?
Two things stick out to me. The layer would usually be "Network" or "Application" if the policy package is Standard (default behavior). You can verify the layer by opening Manage policies and layers and looking at the Layers -> Access Control section.
And when adding several objects, I would use service.1 and service.2 instead of service and service.1 (Same for dst)
Hi,
Here is the error I get:
code: "generic_err_object_field_not_unique"
message: "Requested object name [pcANYWHERE] is not unique."
The layer name in the question is a typo; it's a Network layer.
I tried your suggestion of using service.1 and service.2, but it gives me the same error.
I can either add only service or service-group in an API call, but not both in one call.
Thanks...
If you search for pcANYWHERE, you will probably find more than one object, maybe a host and a network object by the same name?
If you have objects by the same name, you should first try to rename one of the objects. (It's likely to cause you even more pain down the road otherwise.)
The other option would be to specify the object by uid instead of name.
Hi,
I was not aware that even if we call service to be added, it will look at other objects as well for the name.
I do see the same name is used for an app category.
So it looks like I will have to go with UID for this.
Thanks for your help here.
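The uid approach the thread settles on, as an added example that is not part of the original posts or Check Point's own code: it looks for names shared by several objects, resolves each service name to a single UID restricted by object type, and builds the add-access-rule body with UIDs. The object list and UIDs are constructed sample data shaped like a show-objects result, and the helper names and the SERVICE_TYPES set are assumptions.

```python
# Added example (not from the thread): resolve rule members to UIDs first.
# SAMPLE_OBJECTS is constructed; it mimics the "objects" array that the
# Management API show-objects command returns. All UIDs are made up.
SAMPLE_OBJECTS = [
    {"uid": "00000000-0000-0000-0000-000000000001", "name": "ssh",
     "type": "service-tcp"},
    {"uid": "00000000-0000-0000-0000-000000000002", "name": "shiva_vpn_group",
     "type": "service-group"},
    {"uid": "00000000-0000-0000-0000-000000000003", "name": "pcANYWHERE",
     "type": "service-group"},
    {"uid": "00000000-0000-0000-0000-000000000004", "name": "pcANYWHERE",
     "type": "application-site-category"},
]
# Assumption: the object types this rule may use in its service column.
SERVICE_TYPES = {"service-tcp", "service-udp", "service-group"}


def find_name_collisions(objects):
    """Map each name used by more than one object to the sorted types."""
    by_name = {}
    for obj in objects:
        by_name.setdefault(obj["name"], []).append(obj["type"])
    return {n: sorted(t) for n, t in by_name.items() if len(t) > 1}


def resolve_uid(objects, name, allowed_types):
    """Return the UID of the one object named `name` among allowed_types."""
    hits = [o for o in objects
            if o["name"] == name and o["type"] in allowed_types]
    if len(hits) != 1:
        raise LookupError(f"{name!r}: {len(hits)} matches, expected exactly 1")
    return hits[0]["uid"]


def build_rule_payload(objects, services):
    """add-access-rule body for the thread's rule, services given by UID."""
    return {
        "layer": "Network", "name": "test", "position": 10,
        "source": "node a", "destination": ["nodeb", "nodec"],
        "service": [resolve_uid(objects, s, SERVICE_TYPES) for s in services],
        "action": "Accept",
    }


if __name__ == "__main__":
    print(find_name_collisions(SAMPLE_OBJECTS))
    print(build_rule_payload(SAMPLE_OBJECTS, ["ssh", "shiva_vpn_group"]))
```

Running the collision check across all objects before pushing rules shows which names would trigger the "not unique" error if referenced by name.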