- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hey guys,
Hope someone might be able to help me with this, as Im totally stumped what might be "missing". So I was helping client with unrelated issue and realized that in their environment, when they click option more under policy action column, they do NOT get anything I see in my lab (below), except action and captive portal.
I verifed policy layer editor and they have exact same things selected , along with same blades, as I do in my lab.
Any idea whats missing? They also cant see ask and inform like I do in 1st screenshot.
Things we tried:
-made sure smart console is updated, reinstalled R81.20 smart console
-tested a different PC
-rebooted the mgmt
Version is R81.20 jhf 89.
Tx as always.
Andy
An actual screenshot from their environment might help.
You should also check the blades enabled in the relevant policy layer as that will impact what shows in the Track column.
As @PhoneBoy suggested these options will be shown only if the Layer Editor has Applications & URL Filtering or Content Awareness enabled.
With just Firewall there is no need for them.
Hey gents @Lesley @Amir_Senn @Chris_Atkinson @Tal_Paz-Fridman @PhoneBoy
I figured it out, always learn something new every day, hehe 🙂
So, turns out their policy editor was not exactly same as mine, apologies, I missed something yesterday. Technically, if you ONLY have fw blade enabled inside policy layer, you will NOT see extra options, as I dont see them in final allow layer in my lab where I have fw blade enabled only and I do see those options in first 3 layers.
Thanks guys as always for the help and I attached few screenshots showing this.
Andy
Is identity awareness completely configured?
It is. In my lab, I only have IC configured and works fine. Btw, this is R81.20 jumbo 89, both mgmt and cluster.
Andy
Do they see the same for a rule where the services column is populated rather than set to any?
Hey Chris,
Thats correct, its exactly the same.
Best,
Andy
To confirm the blades are enabled in the gateway object itself, what about for a rule where the destination is ' Internet' ?
(Your post already indicates you checked the policy layer/package editor blades portion)
Yes, blades are enabled. Its same issue even where Internet is the dst object. Literally, no matter what rule swe try this on, result is always the same.
Andy
Compare the user check settings under the fw gateway object in smart console.
Thanks for that @Lesley , I was going to do that tomorrow as the next step, as I cant think of anything else that might be missing.
Andy
An actual screenshot from their environment might help.
You should also check the blades enabled in the relevant policy layer as that will impact what shows in the Track column.
Yep, will get that tomorrow.
Andy
As @PhoneBoy suggested these options will be shown only if the Layer Editor has Applications & URL Filtering or Content Awareness enabled.
With just Firewall there is no need for them.
@the_rock I thought from your original post you had checked this part already, please confirm when able. 🙂
Yes, thats the first thing I checked 🙂
Andy
All the heavy cannons are here gladly helping=)
Since everyone wrote the answer, I will just add that enabling APPI/URLF as part of the policy is not enough in case of inline layer inside the policy. So if the client is missing those action, maybe the inline layer is not defined as APPI/URLF.
Hey @Amir_Senn
Thanks for your input, always appreciated man! Hey, thinking about all this, I truly believe that what @Lesley said makes most sense to me, so will verify that with the customer today and update you guys.
Andy
UC is on the GW side, the option to mark this is related to policy package. I managed to see the desired actions without any UC blades.
If UC definitions were the way to go it means by removing specific blades it will change setting on policy / make it invalid.
Ok, I see what you mean @Amir_Senn , thats also totally logical. But then Im not sure at all why customer does not see them, as their policy editor layer settings are EXACTLY SAME as mine.
Andy
One additional question for you, if you dont mind, please. So, customer mentioned to me last week and I cant for the life of me find where to do this in smart console or if its even possible. I found below thread, but dont believe its what they need.
Any idea? Essentially, say they want to block IP 10.10.10.50 (just as an example) to ONLY be able to access certain thing internally 100 times in 1 hour, thats it.
Possible?
Andy
mmm.... not sure if this is the best solution (IDK the IPS attached) but probably possible with SmartEvent correlated event or even newer and better - Playblocks.
k thank you!
Andy
Hey gents @Lesley @Amir_Senn @Chris_Atkinson @Tal_Paz-Fridman @PhoneBoy
I figured it out, always learn something new every day, hehe 🙂
So, turns out their policy editor was not exactly same as mine, apologies, I missed something yesterday. Technically, if you ONLY have fw blade enabled inside policy layer, you will NOT see extra options, as I dont see them in final allow layer in my lab where I have fw blade enabled only and I do see those options in first 3 layers.
Thanks guys as always for the help and I attached few screenshots showing this.
Andy
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
27 | |
16 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY