Hi,

On the event server we have installed latest JHF available for r80.30. Management is on the same versions.

Check_Point_R80_30_JUMBO_HF_Bundle_T155_sk153152_Security_Management_3_10_FULL.tgz released on February 20th

I have no other hotfix installable nor minor version.

Only package is the latest SmartConsole jumbo HF B76 available.

Thanks

Raphaël

I tried it, it works for me.

Maybe try a different rule number to see if it returns data from other rules.

Some rules only create connection logs and those aren't indexed to SME so you won't see them even if you have data for them (you can filter on connections log in the logs view, try to see if you have matches for "rule:30 AND type:"Session" ").

You can also try and filter with rule name, maybe you'll have more luck with that. I also recommend the "custom" filter.

Amir

Hi,

Still no luck with rule and session, another rule does not produce any result, the problem is still present.

I already tried with rule name with same result.

Thanks, I'll wait for the next Jumbo hotfix.

Raphaël

Hi,

as Amir said, it should work without installing any other HF.

I suggest you to open the general overview and drill down to firewall logs, it will be opened in a new logs window.

add the "access rule number" to the columns and see what rule numbers exists in those logs.

take one of them and try to apply it on the filter and see the results.

Hi,

Thanks for reply.

SO I followed your steps and in SmartView, in the logs I see the logs that interest me with the filter :

(origin:FW1 OR origin:FW2) and rule:15 and action:Drop

When I make a View with the same infos I have no result as soon as I add the rule filter.

Raphaël

Thank you Raphael,

According to your description, I think your case might fall into a known issue (that is currently under investigation).

The issue is that logs that matched on inline layer are indexed without the rule number.

Either way I suggest you open a support case to Check Point.

Thanks.