This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KostasGR
Advisor
‎2021-04-02 02:53 AM

Policy verification between a rule that has as source access role and a rule that has as source IP.

Hello

 

Can policy verification at r80.40  work between a rule that has as source access role with specific network 192.168.1.0/24 and any user for example and a rule that has as source IP the network 192.168.1.0/24?

 

BR,

Kostas

 

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-04-03 09:27 AM

Rules are only marked as hiding when they have the same source/destination/service.
In R80.40, if such rules have the same action, they’re not flagged at all.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

For your specific question: I don’t know what the intended behavior is.

0 Kudos
the_rock
Legend
Legend
‎2021-04-03 06:48 PM

Can you send specific example (screenshot)? I believe this behavior never changed with Check Point since days of R55 or even before. If specific rule higher in the rulebase hides one below, then verification will most likely fail. Its a bit different now with layered rules, but principle is still the same.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-04-04 06:11 PM
In response to the_rock

R55 did not have Access Role objects (that only came in at R75).
That said, the basic rulebase verification logic is the same as it's been since well before that.
Between the rulebase layers and the different rulebase matching process in R80+, I'm not sure how relevant the policy verification step is.

0 Kudos
KostasGR
Advisor
‎2021-04-05 11:17 PM
In response to the_rock

Hello 

I am attaching the screenshots.

policy.png

access role.png

 The verification result is pass.

BR,

Kostas

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events