Hugo_vd_Kooij
Advisor

R80(.20) rule matching

I was a bit surprised by the rule matching logic in R80(.20).

I have a parent rule for Internal to DMZ traffic:

And a parent rule for Internal to Internal traffic:

In the Internal to Internal policy I have a rule for my Active Directory traffic:

But as I missed a protocol in this bunch the traffic was dropped. But not on the rule I expected it to be dropped on:

So why would it drop on the wrong rule here?

There seems to be an inconsistency in the logging, as it goes from Internal to Internal on the left hand but on the right hand it declares it from Internal to DMZ.

Can anyone explain why this inconsistent behaviour occurs?

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
2 Replies
Vladimir
Champion

Hugo,

The only thing that comes to mind is if your DMZ's IPv6 scope is including the destination, but there is likely a mechanism that should prevent it from happening.

Tal_Ben_Avraham
Employee

Hi,

Please verify your topology configuration. If it is configured correctly, please open a support ticket.

Thanks,

Tal
