This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RobertTaylor
Participant
‎2024-08-14 10:39 PM

Outbound Firewall Cleanup Rule

I'm trying to implement a "Outbound - Cleanup" rule as shown that logs blocked traffic.

The purpose of this is two part:

  1. Block Any Undefined Traffic
  2. Log Blocked Traffic in case additional exceptions are required (logging wouldn't always need to be enabled, just sometimes when troubleshooting a policy)

TP9H2oVIwb.png

The issue that I'm having is that after applying this policy HTTP traffic is being blocked by the Cleanup rule even though it is added as a service on Rule #3.

Is this how its supposed to work?

Am I missing something, or is this a bug?

0 Kudos
12 Replies
PhoneBoy
Admin
Admin
‎2024-08-15 10:19 AM

Are you managing via Infinity Portal or on-prem (and if so, what version/JHF level)?
What client version(s) is/are involved?

0 Kudos
RobertTaylor
Participant
‎2024-08-15 03:54 PM
In response to PhoneBoy

This is an Infinity Portal service (EPMaaS).

The installed version is the current recommended version 88.32.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-16 11:05 AM
In response to RobertTaylor

Recommend engaging the TAC here: https://help.checkpoint.com 

0 Kudos
the_rock
Legend
Legend
‎2024-08-15 10:33 AM

You mean rule 2?

Andy

0 Kudos
RobertTaylor
Participant
‎2024-08-15 03:52 PM
In response to the_rock

Sorry your correct, yes I meant rule #

0 Kudos
the_rock
Legend
Legend
‎2024-08-15 03:59 PM
In response to RobertTaylor

I dont know if fw up execute command works on smb, but you can try. Just google fw up execute check point and it will give right syntax.

Andy

0 Kudos
RobertTaylor
Participant
‎2024-08-15 04:01 PM
In response to the_rock

Is that for endpoint or gw?

0 Kudos
the_rock
Legend
Legend
‎2024-08-15 04:07 PM
In response to RobertTaylor

gateway

0 Kudos
RobertTaylor
Participant
‎2024-08-15 04:22 PM
In response to the_rock

ok
I'm having this issue on the endpoint, thanks for the help though

0 Kudos
the_rock
Legend
Legend
‎2024-08-15 04:24 PM
In response to RobertTaylor

I know you are, but fw is dropping it on wrong rule, so to me, seems like fw problem, NOT endpoint

0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-16 11:04 AM
In response to the_rock

Endpoint has its own firewall that operates a bit differently from our Quantum (Spark) appliances 🙂

the_rock
Legend
Legend
‎2024-08-16 11:40 AM
In response to PhoneBoy

K, fair enough, tells u how much I know about endpoint side lol

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events