This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
ED
Advisor
‎2018-02-13 03:22 AM

Packet mode search and inline layer rules

Packet mode search through a security policy searches as if a packet is travelling through it. With inline layer rules it becomes more interesting. This examples shows a match on an inline layer rule that should have not been matched as far as I know. 

Example from lab: Packet mode search string:

mode:Packet src:"HP-desktop" dst:any app:TeamViewer action:Accept

Result:

 packet mode search result

We see here a match on rule 156.2 but the source HP-desktop is not part of the network group that is used as source in rule 156. Therefore it should not have gone further down to rule 156.2 and matched on any. Is this a known limitation with packet mode search and inline layers?

Labels
0 Kudos
3 Replies
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-02-13 03:34 AM

Hi, you are correct. We are working to fix this issue. We will update here once a target version has its fix.

0 Kudos
Karim_Thabet
Explorer
‎2019-04-01 06:35 AM
In response to Tomer_Sole

Hi, you are correct. We are working to fix this issue. We will update here once a target version has its fix.

Hi Tomer,

I hope everything is well with you.

Do you know if this issue has been fixed?

If so, do you know which target version has the fix ?

Thank you Tomer.

 

 

0 Kudos
Karim_Thabet
Explorer
‎2019-04-01 06:42 AM
In response to Tomer_Sole

Hi Tomer,

I hope everything is well with you.

Do you know if this issue has been fixed?

If so, do you know which target version has the fix ?

Thank you Tomer.
0 Kudos