This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ravi_Ahir
Explorer
‎2020-03-05 02:01 AM

Policy Target 'Install On'

We have Selected 'Policy  Targets' as to install on for Cluster. Policy Targets contains the specific gateway cluster.

 

Now When I install policy on 'Cluster-1' with target set as 'Cluster-1' 0nly in the situation when I do Policy Install on 'Cluster -2' it still shows installed policy changes on Cluster-1  under 'View  Chnages'.

 

I am not sure if I explained it well.

 

Thanks

Ravi 

 
 

 

 

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
‎2020-03-05 05:49 PM

I'm not really following.
Screenshots might help.
0 Kudos
Ravi_Ahir
Explorer
‎2020-03-05 11:52 PM
In response to PhoneBoy

If you see attached files, Install on is set to 'Policy  Targets' which are specific to cluster only. Now When I go to install policy it shows  419 changes which we made on other clusters not on 'P-cluster'.  None of the change related  to 'P-cluster' but still it shows under changes list while I do install on 'P-cluster'.

 

 

 

 

 

 

Preview file
13 KB
Preview file
3 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-06 10:29 AM
In response to Ravi_Ahir

Did you make ANY change to ANY objects along the way?
Those object changes apply to all policy packages, even if they're not used in the package.
They are only pushed to the gateway when a policy install takes place.
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-07 12:10 AM
In response to PhoneBoy

Lets assume the following:

  • you have 1 policy that is used for Cluster_1 and Cluster_2
  • you make some changes
  • you push policy to Cluster_1
  • Now you want to push the policy to Cluster_2
  • You see that there are changes waiting to be installed.

This is correct, those changes had not been applied to Cluster_2 yet so they show as not finished, it is the same policy you made changes to.

Regards, Maarten
0 Kudos
Ravi_Ahir
Explorer
‎2020-03-09 12:41 AM
In response to Maarten_Sjouw

I have  deleted 1 Policy  on 'Cluster_1' and its not used on 'Cluster_2' still it shows waiting install on 'Cluster_2'.

We have 15 cluster in our environment. So if I delete  1 policy on 'Cluster_1' it shows pending install on  all rest of 14 clusters.

 

0 Kudos
Ravi_Ahir
Explorer
‎2020-03-09 12:39 AM
In response to PhoneBoy

Just not I have deleted rule on another cluster and it shows the changes on 'Cluster_P'.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-09 12:50 AM
In response to Ravi_Ahir

As all your clusters use the same policy and there is a change in the policy, regardless the change, it will show that there was a change in the policy. When you delete a line, all line numbers have changed in the policy.
Regards, Maarten
0 Kudos
Ravi_Ahir
Explorer
‎2020-03-09 12:57 AM
In response to Maarten_Sjouw

We have separate policy install package 'Target' used for each clusters. So each clusters  are using different policies.  

 

I mean to say Perimeter firewall will not have same policies as inside firewall.  Still if I  made any changes on Inside firewall its shows on Perim firewall in  pending install.

 

Is this something  known or same policy thing?

 

Regards,

Ravi

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-09 01:22 AM
In response to Ravi_Ahir

If each policy is only related to a specific cluster, do you have the installation target set?
If not it will still think each policy is related to each cluster.
When you make changes to a object (other than rules) it is relevant to all policies and I really do not believe that the underlying technology will differentiate between gateways.

When you do use the installation targets, you do not need to use the install-on column on top of that, this will only give you a lot of work when you need to replace a cluster or rename...
Regards, Maarten
0 Kudos
Ravi_Ahir
Explorer
‎2020-03-09 02:07 AM
In response to Maarten_Sjouw

If each policy is only related to a specific cluster, do you have the installation target set? - Yes it set to specific cluster target only.

I have observed this thing in scenario where 'Object_X' is used only on 'Cluster_1' and I do changes on 'Object_X' it will set to install for all the clusters. 

Though I need to try other possible way to fix. 

 

 

0 Kudos
CSR
Contributor
‎2020-03-09 02:23 AM
In response to Ravi_Ahir

I'm not sure but maybe any Object which is used in the Policy for Cluster-1, in that particular object in NAT properties maybe its configured to install the Policy target on All/Cluster-2.
Refer to the attached screenshot for reference and check if it helps.

 

Regards,

CSR

Preview file
37 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 02 Jun 2026 @ 09:00 AM (CEST)

    CheckMates Live Denmark - Aarhus
    In-Person

    Wed 03 Jun 2026 @ 09:00 AM (CEST)

    CheckMates Live Denmark - Copenhagen
    In-Person

    Fri 12 Jun 2026 @ 09:00 AM (CEST)

    Netzwerk- & Cloud-Workshop: Wien
    In-Person

    Tue 16 Jun 2026 @ 08:00 AM (EDT)

    Montreal: P’tits déj Cyber! | Cyber Breakfasts!
    CheckMates Events