This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JustinLow
Contributor
‎2023-09-28 06:32 PM
Jump to solution

Access role object on threat prevention policy rule

Hi All,

 

Recently I tried to set the access role object as the Protected Scope under the Threat Prevention policy rule. However the policy installation is failed with Threat Prevention policy and succeeded with Access Control policy. The error message is as below,

--------------------------------------------------------------------------------
- Identity awareness changes were detected in the Anti Malware rule base. Access policy installation is required.
- Unknown user group 'ad_branch_Test'
- Operation was unsuccessful.
--------------------------------------------------------------------------------

 

Can anyone advice on this?

Preview file
47 KB
Preview file
28 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-09-28 07:12 PM
Jump to solution

The error message is pretty clear: use of an Access Role in a Threat Prevention policy requires installing the Access Policy.
First-time usage of an Access Role requires a full Access Policy installation prior to being used in the Threat Prevention policy.
You attempted to do both at the same time, which will fail since the Threat Prevention policy gets installed before the Access Policy in most cases.

I suspect if you perform another policy installation, it should succeed.

View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2023-09-28 07:12 PM
Jump to solution

The error message is pretty clear: use of an Access Role in a Threat Prevention policy requires installing the Access Policy.
First-time usage of an Access Role requires a full Access Policy installation prior to being used in the Threat Prevention policy.
You attempted to do both at the same time, which will fail since the Threat Prevention policy gets installed before the Access Policy in most cases.

I suspect if you perform another policy installation, it should succeed.

0 Kudos
JustinLow
Contributor
‎2023-09-28 07:42 PM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy,

 

I see. That's why it is failed when install both at the same time. I reinstall the policy separately and now it is working fine. Thank you for your reply

 

 

0 Kudos
israelsc
Contributor
Contributor
‎2023-11-01 07:20 PM
In response to PhoneBoy
Jump to solution

Hi guys, I have the same error, I get the following output when trying to install a policy:
 
Status: Failed
- is_whitelist_domain_enable: is_ok_for_whitelist_domain_look_for_inactive() returned false for action
- Identity awareness changes were detected in the Anti Malware rule base. Access policy installation is required.
- Unknown user group 'ad_user_XYZ'
- Operation was unsuccessful.
--------------------------------------------------------------------------------
 
The difference is that my customer placed an "Access Role" object as a source in an exception rule of the Threat Prevention Rule.
It is also important to mention, that the firewall I am having policy installation error is a Quantum Spark Check Point 1570 Appliance R81.10.07 - Build 430.
 
Is there any limitation with the access role in the threat prevention rules for the quantum spark?

I tried to install both policies separately and both at the same time but I have same results: policity installation error.
 
Greetings!
0 Kudos
PhoneBoy
Admin
Admin
‎2023-11-02 10:33 AM
In response to israelsc
Jump to solution

Did you install Access Policy after creating and publishing the relevant Access Role(s)? 
This is required before you can use an Access Role in a Threat Prevention policy.
The fact this is on an SMB appliance shouldn't matter.

0 Kudos
israelsc
Contributor
Contributor
‎2023-11-02 12:32 PM
In response to PhoneBoy
Jump to solution

Hello,

Yes, the customer installed Access Control Policy after creating exceptions in the Threat Prevention policy with Access Roles inside the rules source and it was the same result.

Just today, the customer told me that he removed these Access Roles from the Threat Prevention rules that applied to a Spark Firewall and after installing the policies (Access and TP policies), they could be installed correctly.

It seems that these Access Roles objects in Threat Prevention Policy cause an error in the installation in a SMB - Quantum firewall.

I can't find any documentation to confirm this theory, but that seems to have been the solution.

Regards!

0 Kudos
PhoneBoy
Admin
Admin
‎2023-11-02 12:46 PM
In response to israelsc
Jump to solution

That may be true, but the limitation should be documented.
Recommend a TAC case to confirm it: https://help.checkpoint.com 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events