This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Gold
MVP Gold
‎2024-12-10 01:36 PM
Jump to solution

Certain options missing under action column in management policy

Hey guys,

Hope someone might be able to help me with this, as Im totally stumped what might be "missing". So I was helping client with unrelated issue and realized that in their environment, when they click option more under policy action column, they do NOT get anything I see in my lab (below), except action and captive portal.

I verifed policy layer editor and they have exact same things selected , along with same blades, as I do in my lab.

Any idea whats missing? They also cant see ask and inform like I do in 1st screenshot.

Things we tried:

-made sure smart console is updated, reinstalled R81.20 smart console

-tested a different PC

-rebooted the mgmt

Version is R81.20 jhf 89.

Tx as always.

Andy

 

Screenshot_1.png

 

Screenshot_2.png

Best,
Andy
0 Kudos
3 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-12-10 04:32 PM
Jump to solution

An actual screenshot from their environment might help.
You should also check the blades enabled in the relevant policy layer as that will impact what shows in the Track column.

image.png

View solution in original post

Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-12-10 10:45 PM
Jump to solution

As @PhoneBoy suggested these options will be shown only if the Layer Editor has Applications & URL Filtering or Content Awareness enabled.

With just Firewall there is no need for them.

 

Layer Editor.png

 

 

View solution in original post

the_rock
MVP Gold
MVP Gold
‎2024-12-11 05:20 AM
Jump to solution

Hey gents @Lesley @Amir_Senn @Chris_Atkinson @Tal_Paz-Fridman @PhoneBoy 

I figured it out, always learn something new every day, hehe 🙂

So, turns out their policy editor was not exactly same as mine, apologies, I missed something yesterday. Technically, if you ONLY have fw blade enabled inside policy layer, you will NOT see extra options, as I dont see them in final allow layer in my lab where I have fw blade enabled only and I do see those options in first 3 layers.

Thanks guys as always for the help and I attached few screenshots showing this.

Andy

Screenshot_1.png

 

Screenshot_2.png

 

Screenshot_3.png

 

Screenshot_4.png

 

Screenshot_5.png

 

Screenshot_6.png

 

Screenshot_7.png

 

Best,
Andy

View solution in original post

21 Replies
D_W
Advisor
‎2024-12-10 01:55 PM
Jump to solution

Is identity awareness completely configured?

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-10 02:17 PM
In response to D_W
Jump to solution

It is. In my lab, I only have IC configured and works fine. Btw, this is R81.20 jumbo 89, both mgmt and cluster.

Andy

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2024-12-10 02:52 PM
Jump to solution

Do they see the same for a rule where the services column is populated rather than set to any?

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-10 02:59 PM
In response to Chris_Atkinson
Jump to solution

Hey Chris,

Thats correct, its exactly the same.

Best,

Andy

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2024-12-10 03:19 PM
In response to the_rock
Jump to solution

To confirm the blades are enabled in the gateway object itself, what about for a rule where the destination is ' Internet' ?

(Your post already indicates you checked the policy layer/package editor blades portion)

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-10 03:41 PM
In response to Chris_Atkinson
Jump to solution

Yes, blades are enabled. Its same issue even where Internet is the dst object. Literally, no matter what rule swe try this on, result is always the same.

Andy

Best,
Andy
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2024-12-10 03:59 PM
Jump to solution

Compare the user check settings under the fw gateway object in smart console. 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-10 04:10 PM
In response to Lesley
Jump to solution

Thanks for that @Lesley , I was going to do that tomorrow as the next step, as I cant think of anything else that might be missing.

Andy

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2024-12-10 04:32 PM
Jump to solution

An actual screenshot from their environment might help.
You should also check the blades enabled in the relevant policy layer as that will impact what shows in the Track column.

image.png

the_rock
MVP Gold
MVP Gold
‎2024-12-10 04:39 PM
In response to PhoneBoy
Jump to solution

Yep, will get that tomorrow.

Andy

Best,
Andy
0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-12-10 10:45 PM
Jump to solution

As @PhoneBoy suggested these options will be shown only if the Layer Editor has Applications & URL Filtering or Content Awareness enabled.

With just Firewall there is no need for them.

 

Layer Editor.png

 

 

Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2024-12-11 01:25 AM
In response to Tal_Paz-Fridman
Jump to solution

@the_rock I thought from your original post you had checked this part already, please confirm when able. 🙂

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-11 04:26 AM
In response to Chris_Atkinson
Jump to solution

Yes, thats the first thing I checked 🙂

Andy

Best,
Andy
0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-12-11 02:37 AM
Jump to solution

All the heavy cannons are here gladly helping=)

Since everyone wrote the answer, I will just add that enabling APPI/URLF as part of the policy is not enough in case of inline layer inside the policy. So if the client is missing those action, maybe the inline layer is not defined as APPI/URLF.

Kind regards, Amir Senn
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-11 04:27 AM
In response to Amir_Senn
Jump to solution

Hey @Amir_Senn 

Thanks for your input, always appreciated man! Hey, thinking about all this, I truly believe that what @Lesley said makes most sense to me, so will verify that with the customer today and update you guys.

Andy

Best,
Andy
0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-12-11 04:57 AM
In response to the_rock
Jump to solution

UC is on the GW side, the option to mark this is related to policy package. I managed to see the desired actions without any UC blades.

If UC definitions were the way to go it means by removing specific blades it will change setting on policy / make it invalid.

Kind regards, Amir Senn
the_rock
MVP Gold
MVP Gold
‎2024-12-11 05:07 AM
In response to Amir_Senn
Jump to solution

Ok, I see what you mean @Amir_Senn , thats also totally logical. But then Im not sure at all why customer does not see them, as their policy editor layer settings are EXACTLY SAME as mine.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-11 05:46 AM
In response to Amir_Senn
Jump to solution

@Amir_Senn 

One additional question for you, if you dont mind, please. So, customer mentioned to me last week and I cant for the life of me find where to do this in smart console or if its even possible. I found below thread, but dont believe its what they need.

Any idea? Essentially, say they want to block IP 10.10.10.50 (just as an example) to ONLY be able to access certain thing internally 100 times in 1 hour, thats it.

Possible?

Andy

https://community.checkpoint.com/t5/Security-Gateways/Limit-number-of-connections-from-one-IP-to-che...

Best,
Andy
0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-12-11 07:57 AM
In response to the_rock
Jump to solution

mmm.... not sure if this is the best solution (IDK the IPS attached) but probably possible with SmartEvent correlated event or even newer and better - Playblocks.

Kind regards, Amir Senn
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-11 07:58 AM
In response to Amir_Senn
Jump to solution

k thank you!

Andy

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-12-11 05:20 AM
Jump to solution

Hey gents @Lesley @Amir_Senn @Chris_Atkinson @Tal_Paz-Fridman @PhoneBoy 

I figured it out, always learn something new every day, hehe 🙂

So, turns out their policy editor was not exactly same as mine, apologies, I missed something yesterday. Technically, if you ONLY have fw blade enabled inside policy layer, you will NOT see extra options, as I dont see them in final allow layer in my lab where I have fw blade enabled only and I do see those options in first 3 layers.

Thanks guys as always for the help and I attached few screenshots showing this.

Andy

Screenshot_1.png

 

Screenshot_2.png

 

Screenshot_3.png

 

Screenshot_4.png

 

Screenshot_5.png

 

Screenshot_6.png

 

Screenshot_7.png

 

Best,
Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events