KostasGR
Advisor

Policy verification between a rule that has as source access role and a rule that has as source IP.

Hello

 

Can policy verification in R80.40 work between a rule that has as its source an access role with the specific network 192.168.1.0/24 and any user, for example, and a rule that has as its source IP the network 192.168.1.0/24?

 

BR,

Kostas

 

 

0 Kudos
4 Replies
PhoneBoy
Admin

Rules are only marked as hiding when they have the same source/destination/service.
In R80.40, if such rules have the same action, they’re not flagged at all.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

For your specific question: I don’t know what the intended behavior is.

0 Kudos
the_rock
Legend

Can you send a specific example (screenshot)? I believe this behavior has never changed with Check Point since the days of R55 or even before. If a specific rule higher in the rulebase hides one below, then verification will most likely fail. It's a bit different now with layered rules, but the principle is still the same.

0 Kudos
PhoneBoy
Admin

R55 did not have Access Role objects (that only came in at R75).
That said, the basic rulebase verification logic is the same as it's been since well before that.
Between the rulebase layers and the different rulebase matching process in R80+, I'm not sure how relevant the policy verification step is.

0 Kudos
KostasGR
Advisor

Hello 

I am attaching the screenshots.

policy.png

access role.png

The verification result is pass.

BR,

Kostas

0 Kudos
