Rule with custom Service not being matched
Hi Guys,
First time posting on CheckMates, so my apologies if I've posted in the wrong section.
I've run into a strange issue that I can't wrap my head around and was wondering if anyone else has run into this issue and could potentially help me figure it out. I've also scoured the User Centre for any SK regarding this issue with no luck.
I have a rule in my policy that allows a bunch of VPN Domain subnets to connect to destination X via tcp.3389.RDP (custom Service object). However, the traffic is being denied on the cleanup rule as it's being matched under a different Service, "Remote_Desktop_protocol", which I believe is a default Service object.
The drop is correct as there is no rule allowing this specific src to dst traffic via the service object "Remote_Desktop_protocol". However, the traffic should be getting matched via the tcp.3389.RDP service object which is in a rule far above the drop rule.
I would like to know how the Gateway differentiates between the two service objects (other than ID) and why it prefers to match the traffic with the "Remote_Desktop_protocol" service rather than the custom tcp.3389.RDP service, when both service objects are configured exactly the same and the custom tcp.3389.RDP service is referenced above the cleanup rule.
With both Service objects being the same, with the same port ranges, one would think that, due to the custom service being first in the policy base, it would be the rule to get matched, not the cleanup rule due to the traffic not being matched and then also being identified as Remote_Desktop_protocol.
Any help figuring this out would be greatly appreciated.
Kind regards.
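To make the discrepancy concrete, here is an added toy model (not Check Point code and not documented Check Point behaviour) that evaluates a first-match rulebase built from the objects in the post under two assumptions about how a connection gets its service. Model A is the poster's expectation: a rule's service matches on protocol and port alone, so the custom tcp.3389.RDP object and the predefined Remote_Desktop_protocol object are interchangeable. Model B is the hypothesis in the accepted answer: the gateway first classifies the connection as one service object, preferring a predefined service that carries a protocol handler, and a rule only matches if it references that exact object. The protocol_handler flag, the subnets, the destination address and the rule names are all constructed for the example.

```python
"""Toy first-match rulebase evaluator (constructed example, not Check Point code).

Contrasts two ways a gateway could decide which service object a connection
belongs to, using service objects shaped like the ones in the thread.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Service:
    name: str
    proto: str
    port: int
    # Hypothetical attribute: a predefined service with a protocol handler
    # "claims" connections on its port before rule matching happens.
    protocol_handler: Optional[str] = None


@dataclass
class Rule:
    name: str
    sources: List[str]        # CIDR strings, or ["Any"]
    destinations: List[str]   # CIDR strings, or ["Any"]
    services: List[Service]   # empty list means "Any"
    action: str


@dataclass(frozen=True)
class Connection:
    src: str
    dst: str
    proto: str
    dport: int


def _addr_in(ip: str, nets: List[str]) -> bool:
    """True if ip falls inside any listed network ("Any" matches everything)."""
    if "Any" in nets:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def _endpoints_match(rule: Rule, conn: Connection) -> bool:
    return _addr_in(conn.src, rule.sources) and _addr_in(conn.dst, rule.destinations)


def match_by_port(rules: List[Rule], conn: Connection) -> Optional[Rule]:
    """Model A (the poster's expectation): any service object with the same
    protocol and port satisfies the rule, regardless of which object it is."""
    for rule in rules:
        if not _endpoints_match(rule, conn):
            continue
        if not rule.services or any(
            s.proto == conn.proto and s.port == conn.dport for s in rule.services
        ):
            return rule
    return None


def classify(services: List[Service], conn: Connection) -> Optional[Service]:
    """Model B, step 1 (hypothesis from the accepted answer): pick ONE service
    object for the connection, preferring one that has a protocol handler."""
    candidates = [s for s in services if s.proto == conn.proto and s.port == conn.dport]
    with_handler = [s for s in candidates if s.protocol_handler]
    return (with_handler or candidates or [None])[0]


def match_by_service_identity(
    rules: List[Rule], all_services: List[Service], conn: Connection
) -> Tuple[Optional[Rule], Optional[Service]]:
    """Model B, step 2: a rule matches only if it references the exact service
    object chosen by classify(); a same-port duplicate does not count."""
    chosen = classify(all_services, conn)
    for rule in rules:
        if not _endpoints_match(rule, conn):
            continue
        if not rule.services or chosen in rule.services:
            return rule, chosen
    return None, chosen


# Constructed objects mirroring the thread: same proto/port, different identity.
REMOTE_DESKTOP = Service("Remote_Desktop_protocol", "tcp", 3389, protocol_handler="rdp")
CUSTOM_RDP = Service("tcp.3389.RDP", "tcp", 3389)  # no handler (assumption)
ALL_SERVICES = [REMOTE_DESKTOP, CUSTOM_RDP]

RULEBASE = [
    Rule("VPN users to X over RDP", ["10.20.0.0/16"], ["192.0.2.10/32"], [CUSTOM_RDP], "Accept"),
    Rule("Cleanup", ["Any"], ["Any"], [], "Drop"),
]

# Constructed connection: a VPN client reaching destination X on tcp/3389.
RDP_FROM_VPN = Connection("10.20.5.7", "192.0.2.10", "tcp", 3389)

if __name__ == "__main__":
    a = match_by_port(RULEBASE, RDP_FROM_VPN)
    b, svc = match_by_service_identity(RULEBASE, ALL_SERVICES, RDP_FROM_VPN)
    print(f"Model A (port only):        {a.name} -> {a.action}")
    print(f"Model B (service identity): {b.name} -> {b.action}, logged as {svc.name}")
```

Under model A the custom-service rule accepts the connection, which is what the post expects. Under model B the same connection is classified as Remote_Desktop_protocol, the first rule does not reference that object, and the cleanup rule drops it with the predefined service name in the log, which is the symptom described. The model does not say which behaviour the gateway implements; it only shows that plain port equality cannot produce the observed log, so the explanation has to involve how the service is identified, as the accepted answer suggests.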
Accepted Solutions
In fact, I think the UI warns when you do this.
There are a couple cases where it's necessary (for example, when the service has a protocol handler pre-defined and you need that protocol handler not to be active).
Pretty sure RDP has some special handling behind the scenes and that's why it didn't match your service.
A TAC case would be required to find out the exact reason.
Hey,
There's no particular reason, other than I was testing this out and noticed this problem and want to know how/why the Check Point doesn't match traffic to the custom Service?
How does the gateway choose to match traffic on one Service object over another when they're both configured the same?
Regards,