Hi,

Many thanks. Here the added 'security_rule' is the clue to look for for a new rule creation.

Regards

2011/6/29 Alexey Baltacov <[email protected]>:
> Hi,
>
> Rule modification is shown the following way (in R65)
>
> Number: 11264
> Date: 29Jun2011
> Time: 9:02:38
> Application: SmartDashboard
> Subject: Object Manipulation
> Operation: Modify Object
> Type: Log
> Object Type: firewall_policy
> Performed On: Standard
> Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
> Section Title 18 UID =
> {B893952E-ED77-4BA0-B9A7-98179F744D09} state: changed from 'collapsed'
> to 'expanded'
> Rule 159: added 'security_rule' -
> UID = {2950150B-9A7E-438A-9929-BFC280D3488C}
> Source: Lync_DMZ
> Destination: Any
> VPN: Any
> Service: domain-tcp
> Action: accept
> Install On: Cluster_IL
> Administrator: alexey
> Client: MANGIL1-VM
> Client IP: MGMT-IL (172.30.10.25)
> Object Table: fw_policies
> Operation Number: 1
> Origin: FW1-IL
> Uid: {8E7D9D25-757B-4CA4-956B-623D0A559264}
>
>
> So you should search for the relevant UID in the "Changes" field of the audit logs.
> Please be sure you are searching in the correct logs (by date).
>
> On Wed, Jun 29, 2011 at 9:21 AM, pkc mls <[email protected]> wrote:
>> On 27/06/2011 10:49, a bv wrote:
>>>
>>> Hi list,
>>
>> Hi a
>>>
>>> I have some rules on the firewall and I have to find out who created
>>> the specific rules (numbers given) and when. Audit logs on
>>> SmartView Tracker are not so easily understandable, so I wanted to ask
>>> the list for the best way.
>>
>> I'm afraid it's the only way for you to trace back what has been done.
>> Which version are you running?
>>
>> It looks like 'create rule' doesn't exist in the operation list;
>> you can search for when the objects that are used by this rule were created.
>> You can also ask the firewall admins to comment what they do. (There is a
>> comment column in the firewall rulebase.)
>
> --
> Sincerely,
>
> Alexey Baltacov
> [email protected] | Tel: +972-504989954

================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway.
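
The search described in the thread (find the audit record whose "Changes" field reports an added 'security_rule' and read off the administrator and date), as an added example that is not part of the original messages. It assumes the audit records have been saved as text with one "Field: value" per line, indented continuation lines and a blank line between records; that layout, the function names and the second sample record are constructed for illustration.

```python
import re

# Constructed sample: fields from the record quoted in the thread, then one
# constructed record that adds no rule. Assumed layout: "Field: value" lines,
# indented continuation lines, and a blank line between records.
SAMPLE = """\
Number: 11264
Date: 29Jun2011
Time: 9:02:38
Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
 Rule 159: added 'security_rule' -
 UID = {2950150B-9A7E-438A-9929-BFC280D3488C}
 Source: Lync_DMZ
Administrator: alexey

Number: 11270
Date: 30Jun2011
Time: 14:10:05
Changes: Section Title 18 state: changed from 'collapsed' to 'expanded'
Administrator: constructed_admin
"""

RULE_ADDED = re.compile(
    r"Rule (\d+): added 'security_rule' -\s*UID = (\{[0-9A-Fa-f-]+\})")

def parse_records(text):
    """Split the export into dicts; indented lines extend the previous field."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, key = {}, None
        for line in block.splitlines():
            if line[:1].isspace() and key:
                rec[key] += " " + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                rec[key] = value.strip()
        records.append(rec)
    return records

def rule_additions(records, uid=None):
    """Return who/when for each added rule, optionally filtered by rule UID."""
    hits = []
    for rec in records:
        for number, rule_uid in RULE_ADDED.findall(rec.get("Changes", "")):
            if uid is None or rule_uid.upper() == uid.upper():
                hits.append({"rule": number, "uid": rule_uid,
                             "administrator": rec.get("Administrator"),
                             "date": rec.get("Date"), "time": rec.get("Time")})
    return hits
```

Filter with `uid=` when the rule's UID is known, since the rule number logged at creation is a position in the rulebase and changes as rules are inserted or removed above it.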
