ShemHunter
Participant

Identical Uids

Hi guys!

 

I have another semi-odd request that I haven't been able to get answers for elsewhere, so here goes. This is also another one that may need to end in RFE - or just be dropped as non-essential.

 

Is it possible that objects with the same UID will occur in a multi-domain Check Point environment (for example, objects with the same UID in different domains)?
Or is it a unique value that does not repeat?

 

ChatGPT from Check Point gave us this information: 'In a multi-domain environment within Check Point, it is indeed possible for objects with identical UIDs to exist across different domains. Each domain operates independently with its own database, and therefore, the same UID could be assigned to objects in separate domains without conflict. This is a design feature that allows for scalability and management of distinct security policies across different organizational units or geographical locations.'

 

Thanks!

0 Kudos
AkosBakos
Advisor

Hi @ShemHunter 

What came to my mind:

Global Assignments
A global assignment is a Multi-Domain Security Management system object that assigns a global configuration to one specified Domain. You create global assignments to assign different combinations of Global Access Control Policies, Global Threat Prevention Policies, and global object definitions to different Domains.

Important - You can create a global assignment that does not include a Global Access Control and Threat Prevention Policy. To do this, select the None value to both Policy types. The global configuration assigns only the defined global objects and settings to Domains.

Maybe you are looking for this?

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Multi-DomainSecurityManagement_Adm...

 

Akos

 

----------------
\m/_(>_<)_\m/
0 Kudos
ShemHunter
Participant

Hello Akos,

It's not quite what I need, but thanks.

Perhaps I have formulated my thought incorrectly.

There is, for example, a UID "UID: 97aeb64e-9aea-11d5-bd16-0090272ccb30"

Can I change it? If so, will it apply to all domains? That is, if I change it in one domain, will this value apply to all domains or only to that one? Is it possible to find two identical UIDs in a multi-domain environment?

0 Kudos
AkosBakos
Advisor

Sorry for misunderstanding you.

Now, I leave this question to the boys 🙂 

But if we are talking about databases, the UIDs must be different. It wouldn't be a healthy situation if there were the same UIDs in one environment, even if the DBs are somehow separated from each other.

But the boys will answer it 🙂

Akos

 

----------------
\m/_(>_<)_\m/
Bob_Zimmerman
Authority

It is possible, but statistically unlikely, for an object you have created in one management domain to get the same UUID as an object you have created in another management domain.

Some objects have the same UUID on every single Check Point management domain ever. For example, 97aeb369-9aea-11d5-bd16-0090272ccb30 is the UUID for the object "Any". Many of these objects can't be edited.

Some objects have the same UUID on every management, but they can be edited, and they are actually unique per management. The default services, for example. 97aeb3d4-9aea-11d5-bd16-0090272ccb30 is always the UUID for the service object "http" on every management server. You can't change the port of this object, but you can change its Aggressive Aging settings, cluster sync settings, and so on.

0 Kudos
PhoneBoy
Admin

As @Bob_Zimmerman said, it's possible objects in different domains might have the same UID, but it is statistically unlikely.
UIDs are only guaranteed to be unique within a given management domain, not across an MDS (except for "special" objects like Any).

0 Kudos
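
An added example, not part of any post in this thread and not Check Point code: when objects from several domains are merged into one inventory, the answers above mean the safe key is the pair (domain, UID), and a UID seen in two domains is either a predefined object or, rarely, a collision. The records, the `attrs` field and its `aggressive_aging` key, and the use of the UUID suffix shared by the "Any" and "http" UIDs as a marker for predefined objects are assumptions of this sketch; only those two UIDs come from the thread.

```python
from collections import defaultdict

# Assumption: suffix common to the "Any" and "http" UUIDs quoted in the thread.
BUILTIN_SUFFIX = "-9aea-11d5-bd16-0090272ccb30"
ANY_UID = "97aeb369" + BUILTIN_SUFFIX
HTTP_UID = "97aeb3d4" + BUILTIN_SUFFIX

# Constructed sample export from two domains (field names are hypothetical).
SAMPLE = [
    {"domain": "Domain_A", "uid": ANY_UID, "name": "Any", "attrs": {}},
    {"domain": "Domain_B", "uid": ANY_UID, "name": "Any", "attrs": {}},
    {"domain": "Domain_A", "uid": HTTP_UID, "name": "http",
     "attrs": {"aggressive_aging": True}},
    {"domain": "Domain_B", "uid": HTTP_UID, "name": "http",
     "attrs": {"aggressive_aging": False}},
    {"domain": "Domain_A", "uid": "3f1c2a90-0000-4000-8000-00000000000a",
     "name": "web-01", "attrs": {"ip": "192.0.2.10"}},
    {"domain": "Domain_B", "uid": "3f1c2a90-0000-4000-8000-00000000000b",
     "name": "web-01", "attrs": {"ip": "192.0.2.20"}},
]

def index_objects(objects):
    """Index by (domain, uid): uniqueness is only guaranteed inside a domain."""
    index = {}
    for obj in objects:
        key = (obj["domain"], obj["uid"])
        if key in index:
            raise ValueError(f"duplicate UID inside one domain: {key}")
        index[key] = obj
    return index

def cross_domain_report(objects):
    """Classify every UID that appears in more than one domain."""
    by_uid = defaultdict(list)
    for obj in objects:
        by_uid[obj["uid"]].append(obj)
    report = {}
    for uid, objs in by_uid.items():
        if len({o["domain"] for o in objs}) < 2:
            continue  # seen in a single domain only, nothing to report
        same = all(o["attrs"] == objs[0]["attrs"] for o in objs)
        if not uid.endswith(BUILTIN_SUFFIX):
            report[uid] = "collision"          # user-created, statistically unlikely
        elif same:
            report[uid] = "builtin-identical"  # e.g. "Any"
        else:
            report[uid] = "builtin-diverged"   # e.g. "http" edited per domain
    return report

if __name__ == "__main__":
    print(len(index_objects(SAMPLE)), "objects indexed")
    for uid, kind in cross_domain_report(SAMPLE).items():
        print(uid, kind)
```

An index keyed on the UID alone would silently keep only one of the two "http" records, even though their editable settings differ between the domains.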
