Support Center > Search Results > SecureKnowledge Details
No Audit to "Negate" of src/dst/svc when adding new rule
Symptoms
  • cpdWhen creating a rule and the service is negate (for example "not cpd"), the audit log shows a change in the rule with the service, but without the negate (for example "Service: cpd").
  • (rule 1 is negate and rule 2 isn't) fwm debug, in the log creation, shows:
    [FWM 11613 1940403904]@MGMT[21 Jul 18:59:43] CBinObjCommon::PackLogData: Field number:8, Data offset:53, Type:eFtCstring,
    Value:Rule 1: added 'security_rule' - ; UID = {F29815D8-0F3F-4B09-B71F-1C0C1F12AE36};Source: MGMT ;Destination: Any ;VPN: Any ;Service: Backage ;Action: accept;Install On: Any ; Rule is enabled. ;
    Rule 2: added 'security_rule' - ; UID = {8EAE0EB9-85DE-4215-A7EE-F4C227979B9E};Source: MGMT ;Destination: Any ;VPN: Any ;Service: Backage ;Action: accept;Install On: Any ; Rule is enabled. ;
Cause

The negate in the GUI is translated into an attribute of the object. It is not an object by itself.

A new rule will describe in the created audit log, the fields added and not their attributes. So, for example, if we add service cpd marked as negate in a new rule it will only describe the service as "cpd".

When editing an existing rule, the audit will show "not in" (negate) as it looks for the differances between the rule before and after the change.


Solution
Note: To view this solution you need to Sign In .