This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oliver_222
Participant
‎2023-11-23 12:17 AM

Internet access for CheckPoint firewall objects problem

Good afternoon

We have a problem with access policies
We have configured Internet access for CheckPoint firewall objects.
But we also see that the user network 192.168.0.0 also passes this rule and they have access to the Internet. Can you tell me why this problem might occur?

0 Kudos
6 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-11-23 03:12 AM

Please share a redacted screenshot of the rules that you have created ?

If you look at the logs for this traffic which rules does it say it has matched?

CCSM R77/R80/ELITE
0 Kudos
Oliver_222
Participant
‎2023-11-23 04:09 AM
In response to Chris_Atkinson

I will correct the input information: checkpoints have access to everything, but for some reason the network 192.168.0.0 when accessing our web resource passes the rule for checkpoints.

log - 1 screenshot
Access rule for checkpoint objects - 2 screenshot
Access rule for user network- 3 screenshot
NAT rule for user network - 4 screenshot

Preview file
42 KB
Preview file
8 KB
Preview file
7 KB
Preview file
7 KB
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-11-23 05:46 AM
In response to Oliver_222

Thanks and for completeness how is the "CheckPoints" object defined?

CCSM R77/R80/ELITE
0 Kudos
Oliver_222
Participant
‎2023-11-23 06:09 AM
In response to Chris_Atkinson

This group contains firewall and management server objects

Preview file
25 KB
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-11-23 07:14 AM
In response to Oliver_222

Check the logic using a 'packet mode' search of the access policy and 'fw up_excute' from the gateway CLI.

Pending the results I would consult TAC further via a remote session to take a look without needing to censor the outputs like you might here.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2023-11-23 07:36 AM
In response to Oliver_222

Have you done any captures to see why traffic is failing? Zdebug, tcpdump, fw monitor?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events