Vladimir
Champion

Why are the Implicit Cleanup Action settings being ignored?

When "Accept" is selected in the inline layer's "Advanced" properties for the Implicit Cleanup Action, the resultant cleanup rule is created with the "Drop" action:

4 Replies
Tomer_Sole
Mentor

Hi, Implicit Cleanup only matters if there's no explicitly defined cleanup rule at the end of the layer. 

It is still a best practice to create an explicit rule and have it logged. This is what the layer looks like when there isn't an explicit cleanup rule at all:

We will try to highlight contradicting cases like this better in the user interface. 

For more details - https://community.checkpoint.com/message/8860-re-layers-and-the-cleanup-rule 

0 Kudos
Vladimir
Champion

So in effect, when I am specifying "Accept", only the hidden rule is being created and appended at the end of the layer after the Explicit Cleanup rule created with the layer:

Where Explicit Cleanup rule could not be deleted and, if modified, will trigger the appearance of the "Implicit" Cleanup rule:

0 Kudos
Tomer_Sole
Mentor

Explicit cleanup rule can be deleted and if deleted triggers the appearance (and enforcement) of the implicit cleanup rule. 

The reason why the implicit cleanup rule isn’t displayed when there’s an explicit any, any, any, is because it is ignored by the gateway as well since there’s never going to be unmatched traffic. 

0 Kudos
Vladimir
Champion

OK, the "Delete" option is grayed-out in the screenshot of my previous post only if it is the only rule in the newly declared layer.

Thank you for the clarification.
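
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Check Point code: a first-match model of one layer, showing when the Implicit Cleanup Action is enforced and when an explicit any/any/any rule makes it irrelevant. The dictionary layout, field names and sample layers are assumptions constructed for illustration, not the product's data format.

```python
# Added example: simplified model of a policy layer. Field names and sample
# layers are constructed for illustration, not Check Point's own data format.
ANY = "Any"

def is_catch_all(rule):
    """True for a rule that matches any source, destination and service."""
    return all(rule[col] == ANY for col in ("source", "destination", "service"))

def effective_cleanup(layer):
    """Return (origin, action) deciding traffic that no specific rule matched."""
    for rule in layer["rules"]:
        if is_catch_all(rule):
            # First match wins: nothing falls past this rule, so the
            # implicit cleanup action is never reached.
            return ("explicit", rule["action"])
    return ("implicit", layer["implicit_cleanup_action"])

def audit(layers):
    """Report layers whose implicit setting is ignored, or enforced with no explicit rule."""
    findings = []
    for layer in layers:
        setting = layer["implicit_cleanup_action"]
        origin, action = effective_cleanup(layer)
        if origin == "explicit" and action != setting:
            findings.append((layer["name"],
                f"implicit '{setting}' is ignored; explicit cleanup enforces '{action}'"))
        elif origin == "implicit":
            findings.append((layer["name"],
                f"no explicit cleanup rule; implicit '{action}' is enforced"))
    return findings

def make_rule(name, src, dst, svc, action):
    """Build one rule of the hypothetical layer model."""
    return {"name": name, "source": src, "destination": dst,
            "service": svc, "action": action}

# Constructed sample layers covering the cases raised in the thread.
LAYERS = [
    {"name": "new-inline-layer", "implicit_cleanup_action": "Accept",
     "rules": [make_rule("Cleanup rule", ANY, ANY, ANY, "Drop")]},
    {"name": "explicit-rule-deleted", "implicit_cleanup_action": "Accept",
     "rules": [make_rule("web", "Net_A", "Web_Srv", "https", "Accept")]},
    {"name": "consistent", "implicit_cleanup_action": "Drop",
     "rules": [make_rule("Cleanup rule", ANY, ANY, ANY, "Drop")]},
]

if __name__ == "__main__":
    for name, message in audit(LAYERS):
        print(f"{name}: {message}")
```
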
