Move Reject action in rulebase

Harald_Hansen · ‎2018-11-20

When working with rulebases that are assigned to internal zone firewalls (not exposed directly to the internet) it makes sense to use action reject in stead of drop.

R80.10 has moved reject from directly accessible in the dropdown on the action column to the more... menu. This makes working with new rules harder.

I would like you to either move this option back permanently or on a preference basis.

Now I either have to copy a template/existing rule with reject or use the api when I want to add multiple reject rules as a work around. This is not very user friendly, it worked well in R77.30 SmartDashboard. Why change it for changes sake?

G_W_Albrecht · ‎2018-11-20

This rather sounds like a RFE - tell CP about it here:

Products and Feature Suggestions

Note the RFE Number and hand it to your local SE to get more support for it.

PhoneBoy · ‎2018-11-20

While we still support using Reject as an action, it's generally not Best Practice to do so.

I suppose by moving it to a "More" menu, we are encouraging this Best Practice more directly

In any case, it's good feedback.

Harald_Hansen · ‎2018-11-21

In the OP I explained the rationale on why we use reject in stead of drop. When Check Point creates best practices you do not take into account a lot of issues that occur in datacenters with legacy applications.

So my request is valid, please take this into account.

PhoneBoy · ‎2018-11-21

I didn't say your request was not valid.

In fact, I even said it was good feedback

I was merely explaining the rationale.

We can certainly consider it for a later release.

An RFE like Guenther suggested probably wouldn't hurt.