Using Domain Objects in the rulebase might cause wrong policy actions in R80.10 JHF Take_91-103
Solution ID | sk133176
Technical Level |
Severity | High
Product | Quantum Security Gateways
Version | R80.10 (EOL)
Date Created | 02-Aug-2018
Last Modified | 22-Oct-2018
Symptoms
- Using Domain Objects in the rule base (directly or in a group) might cause wrong policy actions on Security Gateways running R80.10 Jumbo Hotfix Take_91-103.
- The rule that is enforced is not the one containing the Domain objects (or a group containing such objects), as it should be, but a different, irrelevant rule.
- In the accept log, the reason will appear as "Connection terminated before detection..." (see sk113479 for more details on this log reason).
- Sometimes no log will be created. Sometimes debug logs will show "Reason: Rulebase - ERROR;".
Solution
This problem was fixed. The fix is included in:
If you use Domain objects in Non-FQDN mode (see sk120633 for details), you must install Take_112 or higher.
The Hotfix should be installed on the Security Gateway. Installing it on the Security Management is also recommended, but it is not required.
Check Point recommends always upgrading to the most recent version (upgrade Security Gateway / upgrade Cluster / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).