This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
marcinw
Contributor
‎2024-02-23 02:08 AM

Traffic prevented on Anti-Bot but accepted on firewall

Hi 


I am wondering if this is something that I should be worry about ? I assume that it should be alright that traffic is accepted on implied rule and next is stopped by Anti-bot 

 

ipsprev.png

 

 

0 Kudos
3 Replies
AmirArama
Employee
Employee
‎2024-02-23 03:32 AM

the traffic is accepted by the Firewall blade access (implied rules) but dropped by AB. 

you can double check it with tcpdump/fw monitor/fw ctl zdebug + drop | grep x.x.x.x

Lesley
Mentor Mentor
Mentor
‎2024-02-23 03:42 AM

Looks normal behavior. Sometimes the firewall needs to allow a bit of traffic in order to further check it. It can happen that firewall decides to block it in a later stadium. 

Also some policy’s are separate. For example firewall policy and app / url filtering can be separate. So traffic first passes firewall rule base and it is allowed. But then I check the application filtering rulebase and then it could be blocked. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
‎2024-02-23 05:55 AM

As Amir had said, I would also do zdebug to confirm.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top