Aleksey135563
Participant

Threat Prevention

   

Could you please tell me why the exclusion rule in the Threat Prevention policy might not be triggered? We configured an exclusion rule for Threat Emulation at the IP address src:10.216.5.184 dst:146.75.119.52 (for the resource download.postgresql.org), but judging by the ITU logs, the rule isn't triggered and traffic is being routed to emulation. Traffic to emulation is routed to the following devices in the screenshot.

[Screenshots: image001 (4).png, image002 (3).png, image003 (1).png]

 


Accepted Solutions
Martijn
Advisor

Hi,

Did you make a typo in the object's configuration?
Object name is 10.216.5.184 but is the configured IP correct?

Have had this before and could not find out why a rule was not hit. It was a typo in the object's configuration.

Martijn

7 Replies
tankp
Employee

I cannot determine from the screenshots whether the connection matched the exception rule. You can try clicking the "Add Exception" button in the connection's detailed log or consider creating a Global Exception rule.

0 Kudos
Aleksey135563
Participant

Aleksey135563_0-1770378562549.png

 

0 Kudos
the_rock
MVP Diamond

I don't see the gateway listed for policy install referenced in the other screenshot you attached. Maybe that's the reason? I'm referring to the one called fw-internet.

Best,
Andy
0 Kudos
the_rock
MVP Diamond

Excellent point @Martijn. I had seen that happen to a few people before, definitely worth checking.

Best,
Andy
0 Kudos
Aleksey135563
Participant

Thanks to everyone for the feedback, I'll try to make the rule using a different logic.

0 Kudos
the_rock
MVP Diamond

There is absolutely nothing wrong with your logic. Just make sure, as Martijn said, the IP is correct and also the policy is installed on the right gateway.

Best,
Andy
0 Kudos
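
The two checks suggested in this thread (an object whose name is an IP but whose configured address differs, and an exception not installed on the gateway that logged the traffic) can be run offline against exported objects. This is an added example, not code from any poster or from Check Point. The host fields `name` and `ipv4-address` follow the Management API host object; the `RULE` and `LOGGED` dictionaries, the mistyped address and the gateway name `fw-internal` are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not taken from the poster's environment).
HOSTS = [
    {"name": "10.216.5.184", "ipv4-address": "10.216.5.148"},  # constructed typo
    {"name": "146.75.119.52", "ipv4-address": "146.75.119.52"},
]
# Simplified, hypothetical view of the exception rule; "fw-internal" is made up.
RULE = {"source": ["10.216.5.184"], "destination": ["146.75.119.52"],
        "install-on": ["fw-internal"]}
# The connection as it appears in the log, seen on gateway fw-internet.
LOGGED = {"src": "10.216.5.184", "dst": "146.75.119.52", "gateway": "fw-internet"}


def name_ip_mismatches(hosts):
    """Hosts whose name is an IP literal that differs from the configured address."""
    bad = []
    for h in hosts:
        try:
            named = ipaddress.ip_address(h["name"])
        except ValueError:
            continue  # name is not an IP literal, nothing to compare
        if named != ipaddress.ip_address(h["ipv4-address"]):
            bad.append((h["name"], h["ipv4-address"]))
    return bad


def why_no_match(rule, hosts, logged):
    """Reasons the logged connection would not match the exception rule."""
    addr = {h["name"]: ipaddress.ip_address(h["ipv4-address"]) for h in hosts}
    reasons = []
    for field, key in (("source", "src"), ("destination", "dst")):
        configured = {addr[n] for n in rule[field] if n in addr}
        if ipaddress.ip_address(logged[key]) not in configured:
            reasons.append(f"{field}: {logged[key]} not in {sorted(map(str, configured))}")
    targets = rule["install-on"]
    # Assumption: "Policy Targets" stands for every gateway the policy targets.
    if "Policy Targets" not in targets and logged["gateway"] not in targets:
        reasons.append(f"install-on: {logged['gateway']} not in {targets}")
    return reasons


if __name__ == "__main__":
    print(name_ip_mismatches(HOSTS))
    for reason in why_no_match(RULE, HOSTS, LOGGED):
        print(reason)
```
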
