Packet mode search through a security policy searches as if a packet is travelling through it. With inline layer rules it becomes more interesting. This examples shows a match on an inline layer rule that should have not been matched as far as I know.
Example from lab: Packet mode search string:
mode:Packet src:"HP-desktop" dst:any app:TeamViewer action:Accept
Result:
We see here a match on rule 156.2 but the source HP-desktop is not part of the network group that is used as source in rule 156. Therefore it should not have gone further down to rule 156.2 and matched on any. Is this a known limitation with packet mode search and inline layers?
| User | Count |
|---|---|
| 7 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 |
Thu 05 Oct 2023 @ 09:30 AM (IDT)
Simplifying & securing your hybrid WAN with Azure Virtual WAN & Check PointThu 05 Oct 2023 @ 11:00 AM (EDT)
Tips and Tricks 2023 #15: Linux Integration with Harmony EndpointTue 10 Oct 2023 @ 11:00 AM (CDT)
Central US: Network Security Troubleshooting Part 2: Traffic FilteringWed 11 Oct 2023 @ 06:00 PM (IDT)
Take Your Data Security Posture Management to the Next Level with CNAPPThu 05 Oct 2023 @ 11:00 AM (EDT)
Tips and Tricks 2023 #15: Linux Integration with Harmony EndpointTue 10 Oct 2023 @ 11:00 AM (CDT)
Central US: Network Security Troubleshooting Part 2: Traffic FilteringWed 11 Oct 2023 @ 06:00 PM (IDT)
Take Your Data Security Posture Management to the Next Level with CNAPPThu 12 Oct 2023 @ 10:00 AM (CEST)
Unlock the Future of Cybersecurity Services with Infinity Global Services - EMEA & APACTue 21 Nov 2023 @ 10:00 AM (CET)
CheckMates Live Lubljana - Performance Optimization WorkshopWed 22 Nov 2023 @ 10:00 AM (CET)
CheckMates Live Zagreb - Performance Optimization WorkshopThu 23 Nov 2023 @ 10:00 AM (CET)
CheckMates Live Belgrade - Performance Optimization Workshop
