emre
Explorer

How to find conflicting rules in firewall

Hi,

How can I find conflicts or matched rules in firewall rules? I looked in the Compliance blade but I didn't find anything about this.

For example, it could tell me that rule2 and rule3 match. Skybox, AlgoSec, etc. applications can do this, but I want to do it with Check Point management.

0 Kudos
6 Replies
Tal_Paz-Fridman
Employee

The Verifier does that (and blocks Install Policy) for rules hiding one another or when rules are conflicting.

You can run it separately from the Install Policy - go to Menu > Verify Access Control Policy

0 Kudos
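What "rules hiding one another" and "conflicting" mean under first-match evaluation, shown as an added example that is not part of the original posts and is not Check Point's Verifier code. The `Rule` fields, the function names and the sample rulebase are assumptions made for illustration; a real rulebase would first need to be exported and its groups expanded.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    ports: tuple  # inclusive (low, high) destination port range
    action: str   # "accept" or "drop"

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def find_hidden_rules(rulebase):
    """Return (earlier, later, kind) for each rule fully covered by an earlier rule.

    kind is "redundant" when both actions agree and "conflict" when they differ.
    Simplification: a rule hidden only by the union of several earlier rules
    is not detected.
    """
    findings = []
    for i, later in enumerate(rulebase):
        for earlier in rulebase[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((earlier.name, later.name, kind))
                break  # first match wins, so report only the first hiding rule
    return findings

# Constructed sample rulebase (hypothetical names and addresses)
RULEBASE = [
    Rule("rule1", "10.0.0.0/8", "192.168.10.0/24", (443, 443), "accept"),
    Rule("rule2", "10.1.0.0/16", "192.168.10.0/24", (0, 65535), "drop"),
    Rule("rule3", "10.1.2.0/24", "192.168.10.5/32", (22, 22), "accept"),
    Rule("rule4", "10.5.0.0/16", "192.168.10.0/25", (443, 443), "accept"),
    Rule("rule5", "172.16.0.0/12", "192.168.20.0/24", (80, 80), "accept"),
]

if __name__ == "__main__":
    for earlier, later, kind in find_hidden_rules(RULEBASE):
        print(f"{later} is hidden by {earlier} ({kind})")
```
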
emre
Explorer

Thank you for the reply. I know this feature, but I want to get more detailed information and a report. For example: "you can merge these rules", or "you can create a new group and collect them under one rule". Another example: "these objects aren't used in any rule".
0 Kudos
PhoneBoy
Admin

We offer this and a whole lot more with the SmartOptimize service: https://www.checkpoint.com/support-services/design-deploy-operate-optimize/smartoptimize/

For unused objects/rules, there are API commands/scripts that can generate a list.
Recommend searching the community.
For "merge these rules" sorts of recommendations, we don't offer any automated tools for this.
0 Kudos
emre
Explorer

Hi,

How can I find unused objects in a rule?

For instance, there are 5 service or source objects in a rule, but the object named PC1 never hit this rule, and I should remove this object from the rule.

0 Kudos
mdjmcnally
Advisor

You're probably better off looking at 3rd-party products such as Skybox or Tufin.

These have this capability in terms of Compliance and Rulebase Optimization, and can also help with Firewall Automation for Changes as well.

0 Kudos
PhoneBoy
Admin

This is not something we have currently in the product.
0 Kudos