This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
corbypower
Explorer
‎2026-02-24 03:18 AM
Jump to solution

Cleanup rule is not dropping traffic

We have a Quantum Spark 1535, R81.10.17

It is set up with "Access control: strict"

There's an outgoing cleanup rule set to drop all traffic from "any" to "internet"

And yet it's been allowing outgoing https traffic from desktop clients, and from other arbitrary ports I try

I've added a manual rule at the bottom of the list to drop  HTTP/S traffic from "internal LAN" to "internet" ( and will add another to drop everything else as I test it.)

This works to block web traffic except via our proxy - which tells me that this traffic is not being accepted in error by a preceding rule, and is also not being caught by the cleanup rule.

I don't understand why the default cleanup rule is not kicking in.

Thanks for any pointers!

 

 

Application & URL filtering is off (there's an internal web proxy)

Several outgoing rules are set to allow web traffic from the web proxy,  DNS requests from the domain controllers, which work and are logged

 

 

 

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin
‎2026-02-24 03:52 AM
Jump to solution

The cleanup rule should be Any-Any-Drop, not Any-Internet-Drop, IMO

View solution in original post

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-24 04:54 AM
Jump to solution

Val is 100% right. Here is why it does NOT work in your case. To use object "Internet", you need to have urlf blade on. If its off, that rule would never work.

Just do any any block, it will function, for sure. Or, enable urlf and then existing one will work as well.

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

0 Kudos
5 Replies
_Val_
Admin
Admin
‎2026-02-24 03:52 AM
Jump to solution

The cleanup rule should be Any-Any-Drop, not Any-Internet-Drop, IMO

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2026-02-24 03:59 AM
Jump to solution

I believe we had a case with TAC regarding strict mode on LMM Spark about some connections are somewhat passed and not blocked as expected, which is maybe caused by strange implicit rules. You may want to open a case with TAC to get a latest R81.10.17 build to see if your issue resolves.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-24 04:54 AM
Jump to solution

Val is 100% right. Here is why it does NOT work in your case. To use object "Internet", you need to have urlf blade on. If its off, that rule would never work.

Just do any any block, it will function, for sure. Or, enable urlf and then existing one will work as well.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
corbypower
Explorer
‎2026-02-24 05:10 AM
In response to the_rock
Jump to solution

OK, thank you. The rule in question is of course automatically generated, so I can't change it.

I'll just go with a manual rule. 

I was worried something's wrong, but it looks like a quirk I can live with.

Thanks for the help!

(1)
the_rock
MVP Diamond
MVP Diamond
‎2026-02-24 05:22 AM
In response to corbypower
Jump to solution

No worries, we are always glad to help.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events