This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Attiq786
Participant
‎2021-02-25 04:03 PM

SMB appliance 1570 Pre Manual Rules

Hi All,

one of our clients has seven 1570 SMB appliances and they were configured by someone who has left the company.

we are having an issue with one of the gateways which was connected just to find out that there is a Pre Manual rule at the top which is managed by cloud services and blocking all internet traffic as per attached.

All devices are managed by SMP, but on smb management portal, I cannot find the block rule. I have tried to uncheck the box (Manage in SMP) so firewall blade and access policy are not managed from cloud but it does not let me edit Pre manual rules and I cannot find where these rules are defined on the portal. access rules and URL sections are empty in the portal.

I have also tried disabling cloud services and enabling them again but the rule cannot be edited at all.

any suggestions please?

 

Loma.gif
Preview file
46 KB
0 Kudos
8 Replies
G_W_Albrecht
Legend Legend
Legend
‎2021-02-26 03:32 AM

This is documented in sk118035 and in Security Management Portal Administration Guide R12.30 p.41f:

Pre local rules are fetched before the local manual rules (created in the local settings of the Firewall Software Blades). A local administrator cannot create manual rules to override pre local rules configured by the SMP administrator.
Note - The gateway local administrator can edit only the manual rules. Pre/post local rules are locked.
Pre/post local rules are managed by Cloud Services. When you turn off Cloud Services, the pre/post local rules are deleted.

So if there is no higher SMP Administrator Account available i would suggest to contact TAC.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Attiq786
Participant
‎2021-02-26 03:42 AM
In response to G_W_Albrecht

@G_W_Albrecht Thanks for the reply.

I have contacted TAC and as usual they advise to upgrade the firmware.

I read the manual and found the same statement to turn off cloud services. did that but that did not help.

 

Thanks for your help.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-02-26 03:52 AM
In response to Attiq786

I would do a reset to factory defaults keeping the firmware version (after creating a backup file and removing it from SMP) and connecting to SMP again. Upgrading to R80.20.20 (992001869) as suggested by CP is a good idea, but i think it will not resolve the issue 8)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Attiq786
Participant
‎2021-02-26 03:58 AM
In response to G_W_Albrecht

Thanks. this seems better option.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-03-01 04:04 AM
In response to Attiq786

Did you try that yet ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Attiq786
Participant
‎2021-03-01 05:44 AM
In response to G_W_Albrecht

Hi @G_W_Albrecht 

 

CP advised to install an EA firmware, which i refused to do on a production environment. After escalation, they have advised to delete the device from SMP and add again, as these rules were no where to be seen on SMP. 

 

doing that today. will update if successful.

0 Kudos
Attiq786
Participant
‎2021-03-03 05:18 AM
In response to Attiq786

we tried to replace the firewall again and without doing any suggested actions, i tried to remove the rules but i could not. strangely though i could disable them. which sorted the issue.

did not have to disconnect from cloud. Not sure what happened.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-03-03 05:30 AM
In response to Attiq786

Not understandable to me, but glad it works now !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    li.common.scroll-to.top