Hello,
we have a Policy with a Rule allowing traffic to a single TCP port: 15672
This rule does not work, I suppose because we have a Service object, TCP-High-Ports (includes port range 1024 - 65535); this is shown in the log. So the Policy does not use the selected TCP port 15672 but uses this object, which isn't defined in this dedicated rule, and the traffic is dropped.
How can we fix this?
I can neither see the rule nor your rule base - so better open an SR# with CP TAC to get this resolved!
TCP Port is defined in rule number 32
But Traffic passes on temp any any rule number 38 as service object "tcp-high-ports"
it should pass by rule 32 not 38 already
the blacked parts of the rules are correct, the traffic should go over rule 32.
The service shown in the log doesn't correspond to anything. The actual log entry only has the port number. SmartConsole then takes that port number and tries to resolve it to an object name to be helpful. You can totally ignore the object name shown there.
In your original post, you mention the port at issue is 15600. The service in the rule you have shared is named 15672, implying it matches that port rather than 15600. Which port are you actually trying to match? Are you sure the service object in the rule matches that port? Ignore the name of the service object and only look at the contents.
In your screenshot @Roadrunner88, it shows name as tcp 15672, NOT 15000, unless you are trying to trick us with the name 🙂
Can you verify what is the actual post number?
Andy
Yes, I wanted to anonymise a little bit, but it doesn't matter, the point is the same...
what do you mean by the post number?
The port is written in rule 32, but the firewall does not use this rule; it uses the any any rule with this high port range.
Source and destination in rule 32 are correct.
If the traffic is not matching an access rule, then one of four things is happening. Either:
One of those four items is the cause 99.999% of the time traffic doesn't match an access rule someone expects. Check the values of the objects in the rule, not the names. Make sure the firewall is in the "Install On" column, or that column is set to Policy Targets and the policy's installation targets includes the firewall. Make sure the policy has been pushed.
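The two replies above (the log's service name is only a viewer-side lookup, and objects should be checked by value rather than by name) can be illustrated with a small model. This is an added example, not part of the thread and not Check Point's matching engine: a simplified top-down first-match walk over constructed rules and objects, in which the name/content mismatch in `tcp_15672` is invented for illustration and is not the poster's actual configuration.

```python
# Simplified first-match model; all objects and rules below are constructed samples.
import ipaddress

SERVICES = {  # name -> (low, high) TCP ports actually stored in the object
    "tcp_15672": (15627, 15627),      # constructed: name and content disagree
    "tcp-high-ports": (1024, 65535),
}
RULES = [  # (number, source, destination, service name or None for Any, install_on)
    (32, "10.1.0.0/24", "10.2.0.10/32", "tcp_15672", {"gw1"}),
    (38, "0.0.0.0/0", "0.0.0.0/0", None, {"gw1"}),
]

def explain(rule, gw, src, dst, port):
    """Return the list of reasons this rule does not match (empty = match)."""
    num, r_src, r_dst, svc, install_on = rule
    why = []
    if gw not in install_on:
        why.append(f"gateway {gw} not in Install On")
    if ipaddress.ip_address(src) not in ipaddress.ip_network(r_src):
        why.append(f"source {src} outside {r_src}")
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(r_dst):
        why.append(f"destination {dst} outside {r_dst}")
    if svc is not None:
        low, high = SERVICES[svc]
        if not low <= port <= high:
            why.append(f"service '{svc}' contains {low}-{high}, not {port}")
    return why

def first_match(gw, src, dst, port):
    """Walk rules top-down; return (matched rule number, {skipped rule: reasons})."""
    skipped = {}
    for rule in RULES:
        why = explain(rule, gw, src, dst, port)
        if not why:
            return rule[0], skipped
        skipped[rule[0]] = why
    return None, skipped

def display_name(port):
    """Viewer-side lookup: label a logged port with some object that contains it."""
    return next((n for n, (lo, hi) in SERVICES.items() if lo <= port <= hi), str(port))

if __name__ == "__main__":
    matched, skipped = first_match("gw1", "10.1.0.5", "10.2.0.10", 15672)
    print("matched rule:", matched, "| log shows service:", display_name(15672))
    for num, why in skipped.items():
        print(f"rule {num} skipped:", "; ".join(why))
```

In this model the flow lands on rule 38 and the viewer labels it `tcp-high-ports`, even though that object appears in no rule; the reason rule 32 was skipped only shows up when the object's stored value is compared with the logged port.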
Valid points, but sometimes even with those conditions, rule might not get matched.
I meant port number, what is the post number in that service?
Andy