This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kitetsu89
Explorer
‎2021-03-15 03:33 AM

Rejects with Drop rules

Hi there,

I have a question about the following (R80.20)

I see in the logs that some traffic is "action: Reject", but if I look in the Access Policy I see that the action is "action: Drop". 

I noticed this with certain inspections settings as well, for instance: HTTP incompliant packets states action: Drop, but in the logs I see "Reject".

 

Help is much appreciated! Thanks

 

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2021-03-16 02:07 PM

The functional difference between a drop and a reject is that the gateway sends a RST or ICMP Unreachable message in response.
Which, for inspection settings, or anything IPS, makes sense, since you’re interrupting an in-progress connection.

the_rock
Legend
Legend
‎2021-03-16 05:26 PM

I agree 100% with answer phone boy gave. It makes total sense that anything ips related or to do with inspection would show reject, as you would get some sort of unreachable message.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top