deepaknegi12
Explorer

CME configuring same rule name for all policy push

Hi,

Would appreciate any help possible here. I recently deployed the following 81.20 setup (1 Management server + ASG (2 security GW)) on AWS cloud. The setup is utilizing CME and auto-creating the access rules using Check Point tags. The access rule that is generated follows the format "auto-generated by CME - allow traffic to auto scaling group." and it does that for all the rules, even with different application ports. So, if there is an existing autogenerated rule for port 9990, the CME does not create a new rule for 8900, but instead overrides the existing rule with the same name. I don't understand how to overcome this and create a separate rule name for each application/port.

CME tags in use are:

1) on ASG, Security Gateway: management, template, ip-address

2) on load balancers: x-chkp-forwarding, x-chkp-management, x-chkp-template

Is there a modification required in the templates and where? Thanks in advance.

Regards,

0 Kudos
2 Replies
nimrodgab
Employee

Hi @deepaknegi12 

Do you mean that instead of adding the port 8900 to the same rule (that contains the port 9990) it overrides the 9990 port?

Can you share your internal load balancer listener details (protocol:port), your external target group details (protocol:port) and the value of the tag "x-chkp-forwarding"?

Thanks

the_rock
Legend

I usually do this in Azure, only once in AWS, but never had such a problem. Let's see if @nimrodgab can help.

Andy

0 Kudos
