Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
S_E_
Advisor

Verify Access Control Policy - desire feature?

Hi,

we just recognized following:

Give is a SmartCenter with multiple policies sets. Each policy has a certain firewall assigned. One of the policy set is attached to a 'test firewall' gateway, and only for test purposes. 

Running now the verifier on the SmartCenter, it checks *all* security policies, not only the active one (highlighted tab). And if there is something wrong with the 'test policy set', you are not able to verify/push one of the other policies.

Is this a desired feature or a bug?

I was originally under the impression that the policies are independent. At least, you do not use the same objects. 

 

Regards,

 

Security Management Server R80.20 Jumbo Take 10

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

In R80.20, at least, you have to choose the policy you wish to verify.

Screen Shot 2019-04-15 at 10.32.30 AM.png Screen Shot 2019-04-15 at 10.33.39 AM.png

How are you verifying policy?

 

0 Kudos
S_E_
Advisor

hi,

exactly as you described. Via main menu in SmartConsole.

Regards

0 Kudos
PhoneBoy
Admin
Admin

How do you know it's verifying multiple policies and not the one you specified?
0 Kudos
S_E_
Advisor

hi,

good point.

Verification has been done on one of the policies. 

The verification stopped with errors. However, the test policy had a broken cluster member. (misconfiguration on the test gateway)

 

Regards

 

0 Kudos
G_W_Albrecht
Legend
Legend

You wrote: if there is something wrong with the 'test policy set', you are not able to verify/push one of the other policies.

Can you provide more details and screenshots ? Never have encountered such an issue...

CCSE CCTE CCSM SMB Specialist
0 Kudos
S_E_
Advisor

hi,

sorry, can't really share a screenshot (customer system)

And it we recognized this 2 times. Obviously when someone 'played' in the test policy/test-gw.

So, meanwhile I assume. There should be no impact between the poliy sets when you are not using the same objects.

Thanks

Regards

 

0 Kudos
G_W_Albrecht
Legend
Legend

You can obfuscate / blacken any screenshot to hide customer details !

CCSE CCTE CCSM SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

Might be worth a TAC case instead as this doesn't seem like expected behavior.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events