This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
S_E_
Advisor
‎2019-04-15 06:22 AM

Verify Access Control Policy - desire feature?

Hi,

we just recognized following:

Give is a SmartCenter with multiple policies sets. Each policy has a certain firewall assigned. One of the policy set is attached to a 'test firewall' gateway, and only for test purposes. 

Running now the verifier on the SmartCenter, it checks *all* security policies, not only the active one (highlighted tab). And if there is something wrong with the 'test policy set', you are not able to verify/push one of the other policies.

Is this a desired feature or a bug?

I was originally under the impression that the policies are independent. At least, you do not use the same objects. 

 

Regards,

 

Security Management Server R80.20 Jumbo Take 10

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2019-04-15 07:45 AM

In R80.20, at least, you have to choose the policy you wish to verify.

Screen Shot 2019-04-15 at 10.32.30 AM.png Screen Shot 2019-04-15 at 10.33.39 AM.png

How are you verifying policy?

 

0 Kudos
S_E_
Advisor
‎2019-04-15 08:28 AM
In response to PhoneBoy

hi,

exactly as you described. Via main menu in SmartConsole.

Regards

0 Kudos
PhoneBoy
Admin
Admin
‎2019-04-15 10:04 AM
In response to S_E_

How do you know it's verifying multiple policies and not the one you specified?
0 Kudos
S_E_
Advisor
‎2019-04-15 11:39 PM
In response to PhoneBoy

hi,

good point.

Verification has been done on one of the policies. 

The verification stopped with errors. However, the test policy had a broken cluster member. (misconfiguration on the test gateway)

 

Regards

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-04-16 12:19 AM
In response to S_E_

You wrote: if there is something wrong with the 'test policy set', you are not able to verify/push one of the other policies.

Can you provide more details and screenshots ? Never have encountered such an issue...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
S_E_
Advisor
‎2019-04-18 04:21 AM
In response to G_W_Albrecht

hi,

sorry, can't really share a screenshot (customer system)

And it we recognized this 2 times. Obviously when someone 'played' in the test policy/test-gw.

So, meanwhile I assume. There should be no impact between the poliy sets when you are not using the same objects.

Thanks

Regards

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-04-18 04:30 AM
In response to S_E_

You can obfuscate / blacken any screenshot to hide customer details !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2019-04-18 12:44 PM
In response to S_E_

Might be worth a TAC case instead as this doesn't seem like expected behavior.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top