This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Michael_Horne
Advisor
‎2021-10-13 12:09 AM
Jump to solution

R81 location of implied_rules.def

Hello All,

I am looking for the location of the implied_rules.def on a Management  sever running R81. I am looking to remove RADIUS from the implied rules so that it can travel over a site to site VPN.

sk92281 mentions that for R81 you should refer to the Security Management Administration Guide, except that a search of this for the word "implied_rules", does not show any mention of the location for implied_rules.defScreenshot 2021-10-13 090115.png

I did find the versions of the file in $FWDIR/lib directory and updated them:

Screenshot 2021-10-13 090541.png

This has not changed the list of implied rules when I view them in SmartConsole. We did do a "cpstop" before changing the files and did a "cpstart" after updating the files as per sk31692.

Screenshot 2021-10-13 090230.png

Also a test of RDAIUS traffic does not show in the logs, so I assume the the implied rules are still being match.

Can anyone point me in the location of the implied_rules.def for R81?

Many thanks,

Michael

2 Solutions

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2021-10-13 06:33 AM
In response to Chris_Atkinson
Jump to solution

I have a response to my feedback - the information has just recently been added, also for simple SMS: This is a link to the relevant section:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

12 Replies
G_W_Albrecht
Legend Legend
Legend
‎2021-10-13 12:42 AM
Jump to solution

I gave feedback for sk92281 as no location is given in the Admin Guides, but it also says: 

The "implied_rules.def" file is a placeholder for implied security rules.

All the changes made in this file are transferred to the managed Security Gateway / Cluster during policy installation.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Michael_Horne
Advisor
‎2021-10-13 01:29 AM
In response to G_W_Albrecht
Jump to solution

Hello,

I can confirm that a policy installation was done after following the process for updating the "implied_rules.def" file.  It was an assumption, that once the restart of the management services using "cpstop" then "cpstart" as per the RADIUS SK sk31692, that listed implied rules visible in SmartConsole would reflect the fact that RADIUS rules were removed.  If not, it woudl be very confusing.

It does seem that the implied_rules.def in $FWDIR/lib is the correct location of this file, although it did not have the expected result. So that is why I was looking for confirmation of the correct location as it is not specifically mentioned in sk92281 

Many thanks,

Michael

0 Kudos
_Val_
Admin
Admin
‎2021-10-13 01:40 AM
In response to Michael_Horne
Jump to solution

Yes it is. $FWDIR/lib/

However, it seems the lines you grep-ed are commented out, aren't they?

0 Kudos
Michael_Horne
Advisor
‎2021-10-13 01:51 AM
In response to _Val_
Jump to solution

Hello,

I followed the instructions in sk31692 and it only mentioned to remove the one line: 

SK.png

I am not sure exactly how the management server uses this file or the syntax, but it looks similar to the syntax used in C programing files with the # denoting commands that are specific to the compiling process. They also use #define and #if. 

I am not sure that the lines starting with # are comments

 

Many thanks,

Michael

_Val_
Admin
Admin
‎2021-10-13 02:55 AM
In response to Michael_Horne
Jump to solution

You are right, it is not commented, my bad. With R81, I think you need to reboot the management so the file is pulled properly. If it still does not work for you, please open a TAC case

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-10-13 02:04 AM
In response to Michael_Horne
Jump to solution

$FWDIR/lib is the correct place for R81 gateways.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-10-13 06:33 AM
In response to Chris_Atkinson
Jump to solution

I have a response to my feedback - the information has just recently been added, also for simple SMS: This is a link to the relevant section:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Michael_Horne
Advisor
‎2021-10-14 02:02 AM
In response to G_W_Albrecht
Jump to solution

Hello,

I believe you have found the root cause of my problem, as the target gateways are still running R80.40. I have only updated the files for the R81 gateways.

This table is not in my PDF version of the R81 Admin guide.

Many thanks,

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-10-14 02:26 AM
In response to Michael_Horne
Jump to solution

That his table is not in my PDF version of the R81 Admin guide also was my issue !  Solution:

- open the Admin Guide on page 3 Important Information

- click Download the latest version of this document in PDF format

- look if the date on the cover page is later as the one of  your PDF

8)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
G_W_Albrecht
Legend Legend
Legend
‎2021-10-14 07:23 AM
In response to Michael_Horne
Jump to solution

If it works now, i would appreciate a Kudo 8)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Michael_Horne
Advisor
‎2021-10-14 12:39 PM
In response to G_W_Albrecht
Jump to solution

Both the table and also how to download the latest version using the link in the PDF, both earn Kudo points.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top