This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
donat5
Explorer
‎2020-03-26 12:49 PM
Jump to solution

Negating a specific object

I noticed that the option to negate a specific object is no long available in R80.xx, only available option is "negate cell"

I wonder why CheckPoint removed such a important feature.

I am simply trying to allow "any" but deny/negate "https" in the services cell, does anyone have a workaround?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-03-26 09:26 PM
Jump to solution

I've been using Check Point since version 2 and I'm pretty sure it was never allowed to negate a specific object in a cell with two or more items in it.

Here's a snapshot from R77.30 where I'm selecting a specific object and I'm being offered "Negate Cell"  

Screen Shot 2020-03-26 at 9.12.06 PM.png

And it shows like this when negated.

Screen Shot 2020-03-26 at 9.18.56 PM.png

Visually, it looks a little different in R80.x:

Screen Shot 2020-03-26 at 9.13.50 PM.png

In either case, the effect is the same.

View solution in original post

0 Kudos
8 Replies
Maarten_Sjouw
Champion
Champion
‎2020-03-26 02:50 PM
Jump to solution

Negate the cell which in fact stops anything but what is in that cell.
It might be named a bit different but it still works the same.
Regards, Maarten
0 Kudos
donat5
Explorer
‎2020-03-26 04:27 PM
In response to Maarten_Sjouw
Jump to solution

 

@Maarten_Sjouw 

This even makes things more complicated; I would like to allow everything but https, how should my rule look like?

Any represents a lot of services which I cannot list.

 

0 Kudos
Ryan_Ryan
Advisor
‎2020-03-26 04:40 PM
In response to donat5
Jump to solution

I think your only option is two rules

 

top rule - service https - action - drop

second rule allow any

0 Kudos
donat5
Explorer
‎2020-03-26 05:09 PM
In response to Ryan_Ryan
Jump to solution

@Ryan_Ryan 

It seems so far the only option but why cp decided to get rid of such a good feature?

Now we end up with 2 rules instead of 1; I think checkpoint should reconsider putting this feature back.

0 Kudos
Ryan_Ryan
Advisor
‎2020-03-26 05:17 PM
In response to donat5
Jump to solution

No idea..

 

Its possible with network groups - create group with exclusion

seems there is no option to create service group with exclusion - you could have created a group containing tcp and udp 1-65535 and icmp and then exclude https.

 

If you wanted a really ugly solution you could create a group like above but with tcp range 1-442 and range 444-65535 group that together with udp range all ports and icmp.

 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-26 11:14 PM
In response to donat5
Jump to solution

It would look just like this, it allows my home lan to anything but the RFC1918 networks on any port but HTTP/HTTPS:

Negate.JPG

Regards, Maarten
PhoneBoy
Admin
Admin
‎2020-03-26 09:26 PM
Jump to solution

I've been using Check Point since version 2 and I'm pretty sure it was never allowed to negate a specific object in a cell with two or more items in it.

Here's a snapshot from R77.30 where I'm selecting a specific object and I'm being offered "Negate Cell"  

Screen Shot 2020-03-26 at 9.12.06 PM.png

And it shows like this when negated.

Screen Shot 2020-03-26 at 9.18.56 PM.png

Visually, it looks a little different in R80.x:

Screen Shot 2020-03-26 at 9.13.50 PM.png

In either case, the effect is the same.

0 Kudos
donat5
Explorer
‎2020-03-27 07:12 AM
In response to PhoneBoy
Jump to solution

Oh...then I misunderstood @Maarten_Sjouw explaination and thought that everything in the cell is allowed and the rest dropped. This makes sense now, thanks @PhoneBoy 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events