This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ShemHunter
Participant
‎2024-11-06 09:44 PM
Jump to solution

Identical Uids

Hi guys!

 

I have another semi-odd request that I haven't been able to get answers for elsewhere, so here goes. This is also another one that may need to end in RFE - or just be dropped as non-essential.

 

Is it possible that objects with the same UID will occur in a multi-domain CheckPoint environment (for example, objects with the same UID in different domains)?
Or is it a unique value that does not repeat?

 

Chatgpt from checkpoint we have given this information: 'In a multi-domain environment within Check Point, it is indeed possible for objects with identical UIDs to exist across different domains. Each domain operates independently with its own database, and therefore, the same UID could be assigned to objects in separate domains without conflict. This is a design feature that allows for scalability and management of distinct security policies across different organizational units or geographical locations.'

 

Thank's!

0 Kudos
2 Solutions

Accepted Solutions
Bob_Zimmerman
Authority
Authority
‎2024-11-07 08:42 AM
Jump to solution

It is possible, but statistically unlikely, for an object you have created in one management domain to get the same UUID as an object you have created in another management domain.

Some objects have the same UUID on every single Check Point management domain ever. For example, 97aeb369-9aea-11d5-bd16-0090272ccb30 is the UUID for the object "Any". Many of these objects can't be edited.

Some objects have the same UUID on every management, but they can be edited, and they are actually unique per management. The default services, for example. 97aeb3d4-9aea-11d5-bd16-0090272ccb30 is always the UUID for the service object "http" on every management server. You can't change the port of this object, but you can change its Aggressive Aging settings, cluster sync settings, and so on.

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-08 06:54 AM
Jump to solution

As @Bob_Zimmerman said, it's possible objects in different domains might have the same UID, but it is statistically unlikely.
UIDs are only guaranteed to be unique within a given management domain, not across an MDS (except for "special" objects like Any).

View solution in original post

0 Kudos
5 Replies
AkosBakos
Leader Leader
Leader
‎2024-11-06 11:00 PM
Jump to solution

Hi @ShemHunter 

What is came into my mind:

Global Assignments
A global assignment is a Multi-Domain Security Management system object that assigns a global configuration to one specified Domain. You create global assignments to assign different combinations of Global Access Control Policies, Global Threat Prevention Policies, and global object definitions to different Domains.

Important - You can create a global assignment that does not include a Global Access Control and Threat Prevention Policy. To do this, select the None value to both Policy types. The global configuration assigns only the defined global objects and settings to Domains.

Maybe are looking for this? 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Multi-DomainSecurityManagement_Adm...

 

Akos

 

----------------
\m/_(>_<)_\m/
0 Kudos
ShemHunter
Participant
‎2024-11-06 11:15 PM
In response to AkosBakos
Jump to solution

Hello Akos,

It's a little not what I need, but thanks.

Perhaps I have formulated my thought incorrectly.

There is, for example, a UID "UID: 97aeb64e-9aea-11d5-bd16-0090272ccb30"

Can I change it? If so, will it apply to all domains? That is, if I change it in one domain, will it apply this value to all domains or only for it? Is it possible to find two identical UID in a multi-domain?

0 Kudos
AkosBakos
Leader Leader
Leader
‎2024-11-06 11:32 PM
In response to ShemHunter
Jump to solution

Sorry for misunderstanding you.

Now, I leave this question to the boys 🙂 

But if we talking about databases, the UID-s must be different. That won't be a healthy situation, if there would be same UIDs in one environment. Even if the dbs are separated somehow from each other.

But the boys will answer it 🙂

Akos

 

----------------
\m/_(>_<)_\m/
Bob_Zimmerman
Authority
Authority
‎2024-11-07 08:42 AM
Jump to solution

It is possible, but statistically unlikely, for an object you have created in one management domain to get the same UUID as an object you have created in another management domain.

Some objects have the same UUID on every single Check Point management domain ever. For example, 97aeb369-9aea-11d5-bd16-0090272ccb30 is the UUID for the object "Any". Many of these objects can't be edited.

Some objects have the same UUID on every management, but they can be edited, and they are actually unique per management. The default services, for example. 97aeb3d4-9aea-11d5-bd16-0090272ccb30 is always the UUID for the service object "http" on every management server. You can't change the port of this object, but you can change its Aggressive Aging settings, cluster sync settings, and so on.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-08 06:54 AM
Jump to solution

As @Bob_Zimmerman said, it's possible objects in different domains might have the same UID, but it is statistically unlikely.
UIDs are only guaranteed to be unique within a given management domain, not across an MDS (except for "special" objects like Any).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top