I tried "Change Report" but according to SK166435 (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...) "Moving a rule in the policy will not appear in the report"

I tried to look for it in Audit logs but there are a lot of changes and I would need to filter it to have results only for a specific rule UID, is there such a filter? or where can i find information about all available filters?

ok, looks like some sms error. I created a test rule, copied the UID and pasted it in Audit Logs in the serch field. It found all the changes I made.

I don't know why but for the rule I'm looking for (using its UID) the last changes it finds are those from 2 years ago. But according to Installation History, the rule was moved 14 days ago.

Does anyone have any idea why I can't see this change?

Can you send a screenshot how you did a filter search?

Attached is the test rule and the correct one which changes I am looking for

I just pasted the rule UID and it searches for the right entries

Its important to follow below to make sure UUID is 100% right

https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-access-rule~v1.9%20

I took some screenshots from my lab.

Andy

Using Audit Log is not a solution to my problem. I currently have an open ticket at checkpoint, after the remote session they also found that there was an error. They are currently trying to replicate the misbehavior in their lab. For some reason, only the changes made by one user 12 days ago are not shown in the adit log (at least that's the only one I know of, because there may be more).

I was hoping someone here had had a similar problem and found a solution.

You can review /var/log/audit files and see if there is anything of interest there.