This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
L180rMal35
Participant
‎2025-03-28 08:34 AM

Compliance blade missing checks

Hi Everyone,

We have a HA MDS server running R81.20 with Jumbo HFA take 92. The MDS server has 5 domains. We're running Compliance blade.

Each domain has 85 Security best practice checks, but 1 domain has only 80 checks.

Screenshot 2025-03-28 152541.png
 
er.png
 

Following 5 checks are missing

FW174 Check that Access Control rules do not contain 'Any' in 'Source', and 'Accept' or 'Ask' in 'Action'
FW175 Check that Access Control rules do not contain 'Any' in 'Destination', and 'Accept' or 'Ask' in 'Action'
FW176 Check that Access Control rules do not contain 'Any' in 'Services and Applications', and 'Accept' or 'Ask' in 'Action'
FW177 Check that there are no temporary Access Control rules (based on the 'Name' column)
FW178 Check that there are no temporary Access Control rules (based on the 'Comments' column)

It looks like above check have been added to Jumbo Take 26, but MDS is on Take 92 and the other domains are all good.

compl.png

 

This check are very important for me, so I'm trying to understand if it is possible to add them manualy or run some kind of update.

The second question is: Do you know how many checks all together should be in the Security Best Practice compliance?

Regards

Libor

 

 

 

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2025-03-28 02:44 PM

I suspect you're going to need to consult with TAC to understand why one domain isn't showing the relevant Compliance rules.
On the second question, not sure, but maybe @RobertoQ knows.

0 Kudos
Lesley
MVP Gold
MVP Gold
‎2025-03-29 08:14 AM

This is a long shot:

Compliance blade is missing objects in Overview:

On the Compliance server run the following in expert mode:

[Expert@HostName:0]# interpreter full_scan reset_mode

By the way if you download a fresh template from here:

https://community.checkpoint.com/t5/Compliance/bd-p/Compliance

Any would do, do you also see difference in those reports? 

Easy to do, download and import and done. 

-------
Please press "Accept as Solution" if my post solved it 🙂
L180rMal35
Participant
‎2025-03-30 01:12 PM
In response to Lesley

Thanks for this,  interpreter full_scan reset_mode didn't help and the link provided does not include template for CheckPoint Security Best Practice as far as I know,

0 Kudos
Corinne_Vakulen
Employee
Employee
‎2025-03-31 12:21 AM

Hi,

In R81.20 Compliance you should have 280 best practices.  Can you please check on your problematic domain Compliance DB if you can find the missing BPs?  Also, I would suggest running another manual run on this Domain.  Go to the Manage & Settings view > Blades > Compliance > Settings > click the Rescan button. You cannot perform any actions in the Compliance tab while the scan runs.  Let us know if it helps.  If not, I strongly recommend opening a support ticket. 

(1)
L180rMal35
Participant
‎2025-03-31 01:29 AM
In response to Corinne_Vakulen

Hi,

That's very helpful, Is there a full list you can share? I ran manual scan couple of times already, no luck. I'm going to raise a case. Thanks for your help

Libor

0 Kudos
Corinne_Vakulen
Employee
Employee
‎2025-03-31 01:46 AM
In response to L180rMal35

When you open a ticket ask as well to get a list of all BPs.    Good luck !

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events