Chinmaya_Naik
Advisor

Current Rule Number in SmartConsole in R80

Dear Team,

I need to understand the "Current Rule Number" in the SmartConsole R80 Logs and Monitor section.


Please find my understanding below:

It means the changed rule position, if any, from the previously recorded log.
Example: When a log is first recorded, it matches Rule #1. After some rule base additions, it changes and moves to rule #6. So the same log entry will show the current rule as #6.

Kindly update.

Regards

Chinmaya

8 Replies
Amir_Senn
Employee

The field "Current Rule Number" is an old field that's no longer in use. Thank you for bringing this to our attention, I'll request to remove it.

When traffic is matched on a different rule, it will generate additional logs and not move logs between rules.

Kind regards, Amir Senn
Chinmaya_Naik
Advisor

@Amir_Senn Thanks for the update. Can you please explain using an example? Thanks and regards, @Chinmaya
PhoneBoy
Admin

Let's assume that when the traffic was matched and the log was generated, the rule was rule 3.
Now you've made some changes to the policy and that same rule is rule 5.
That field would reflect the new rule number.

However, this log field is no longer in use, as noted.
0 Kudos
Amir_Senn
Employee

That means that for each rule you get a different log. Logs only update when new relevant information arrives that's related to a certain rule and all the relevant attributes are the same.

For example: If I have a rule for restricting "Social Media" but I allow anything else. Let's say I surf to YouTube, a log is created and is updated with relevant information every few minutes. Then I try to surf to Facebook - I'm getting blocked but this is not updated on the log for YouTube, it creates a different log. Then if I surf to Gmail I also get a new log because it doesn't match the first log in the application name field. If I leave Gmail and return to YouTube, then the log will update again since I'm matching the rule and all relevant data in the log, such as application name.

For firewall rules it will work the same, where application name could be changed for service, etc.

Kind regards, Amir Senn
0 Kudos
Chinmaya_Naik
Advisor

Hi @Amir_Senn  @PhoneBoy  and Team
 
Please find below the output of my lab setup.
 
OS: R77.30 Distributed Setup
Blade Enabled: Firewall
 
Setup:
 
2020-06-27_100410.png
 
SmartView Tracker Output
 
current rule 01.png
 
Change the Policy Package Name
 
current rule 02.png
 
SmartView Tracker Output
 
current rule 03.png
 
As I can see, the current rule and rule number features are showing almost the same output; only the policy package name is added in the current rule section, like "Rule Number + Policy Package Name".
 
Please clarify any difference between them.
 
@Amir_Senn I am not able to understand from your last update.
 
 
Regards
 
 
0 Kudos
PhoneBoy
Admin

You did not show the screenshot of the CheckpointEngineer policy.
However, I suspect it's showing based on what CheckpointEngineer policy would allow.

Just to clarify, R77.30 is End of Support.
If this isn't the intended behavior, it's not going to be fixed.
0 Kudos
Chinmaya_Naik
Advisor

Hi @Phoneboy and Team

Thanks for the update.

The CheckpointEngineer policy package has the same rule only.

I just need to understand the difference.

And I know that the "current rule" feature is no longer in use in R80.

Some of our customers need to understand this feature because, after upgrading to R80, the "current rule" tab is showing blank.

Kindly clarify.

@Chinmaya_Naik 

0 Kudos
PhoneBoy
Admin

It's expected behavior for it to be blank in R80.x as it is unused.

0 Kudos
