Using Domain Objects in the rulebase might cause wrong policy actions in R80.10 JHF Take_91-103
- Using Domain Objects in the rule base (directly or in a group) might cause wrong policy actions on Security Gateways running R80.10 Jumbo Hotfix Take_91-103.
- The rule that is enforced is not the one with the Domain objects (or a group containing such objects), as it should be, but rather a different, irrelevant rule.
- In the accept log, the reason will appear as "Connection terminated before detection..." (see sk113479 for more details on this log reason).
- Sometimes no log will be created. Sometimes debug logs will show "Reason: Rulebase - ERROR;".
This problem was fixed. The fix is included in:
If you use Domain objects in Non-FQDN mode (see sk120633 for details), you must install Take_112 or higher.
The Hotfix should be installed on the Security Gateway. Installing it on the Security Management is also recommended, but it is not required.
Check Point recommends always upgrading to the most recent version (upgrade Security Gateway / upgrade Cluster / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).