There are some logs which say added security_rule, but not for all of them. And exactly the rules I found don't seem to exist? Strange.
regards

2011/7/29 a bv <[email protected]>:
> Hi ,
>
> Many thanks here is the added 'security_rule' is the clue to look for
> for a new rule creation.
>
> Regards
>
> 2011/6/29 Alexey Baltacov <[email protected]>:
>> Hi,
>>
>> Rule modification shown following way (in R65)
>>
>> Number: 11264
>> Date: 29Jun2011
>> Time: 9:02:38
>> Application: SmartDashboard
>> Subject: Object Manipulation
>> Operation: Modify Object
>> Type: Log
>> Object Type: firewall_policy
>> Performed On: Standard
>> Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
>> Section Title 18 UID =
>> {B893952E-ED77-4BA0-B9A7-98179F744D09} state: changed from 'collapsed'
>> to 'expanded'
>> Rule 159: added 'security_rule' -
>> UID = {2950150B-9A7E-438A-9929-BFC280D3488C}
>> Source: Lync_DMZ
>> Destination: Any
>> VPN: Any
>> Service: domain-tcp
>> Action: accept
>> Install On: Cluster_IL
>> Administrator: alexey
>> Client: MANGIL1-VM
>> Client IP: MGMT-IL (172.30.10.25)
>> Object Table: fw_policies
>> Operation Number: 1
>> Origin: FW1-IL
>> Uid: {8E7D9D25-757B-4CA4-956B-623D0A559264}
>>
>>
>> So you should search for relevant UID in "Changes" field of audit logs.
>> Please be sure you are searching in correct logs (by date)
>>
>> On Wed, Jun 29, 2011 at 9:21 AM, pkc mls <[email protected]> wrote:
>>> On 27/06/2011 10:49, a bv wrote:
>>>>
>>>> Hi list,
>>>
>>> Hi a
>>>>
>>>> I have some rules on the firewall and I have to find out who and when
>>>> created the specific rules (numbers given). Audit logs on
>>>> smartviewtracker are not so easily understandable so I wanted to ask
>>>> the list for the best way.
>>>
>>> I'm afraid it's the only way for you to trace back what has been done.
>>> Which version are you running?
>>>
>>> Looks like the 'create rule' doesn't exist in the operation list;
>>> you can search when the objects that are used by this rule were created.
>>> You can also ask the firewall admins to comment what they do. (There is a
>>> comment column in firewall rulebase.)
>>
>> --
>> Sincerely,
>>
>> Alexey Baltacov
>> [email protected] | Tel: +972-504989954
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
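
Added example, not part of the original thread and not Check Point code: the search described above (find "added 'security_rule'" in the Changes field, then match on the rule UID) written in Python. It assumes the audit records were exported as text in the field layout quoted in the thread; the function names and all sample values are made up for the example.

```python
import re

# Constructed sample records in the field layout quoted in the thread;
# every value here is made up for the example.
SAMPLE = """\
Number: 101
Date: 29Jun2011
Time: 9:02:38
Operation: Modify Object
Object Type: firewall_policy
Performed On: Standard
Changes: UID = {AAAAAAAA-0000-0000-0000-000000000001}
Rule 159: added 'security_rule' -
UID = {BBBBBBBB-0000-0000-0000-000000000002}
Source: Host_A
Administrator: admin1

Number: 102
Date: 30Jun2011
Time: 14:10:05
Operation: Modify Object
Object Type: firewall_policy
Performed On: Standard
Changes: Section Title 18 UID = {CCCCCCCC-0000-0000-0000-000000000003}
state: changed from 'collapsed' to 'expanded'
Administrator: admin2
"""

# One record runs from a "Number:" line up to the next one (assumed layout).
RECORD = re.compile(r"(?ms)^Number: .*?(?=^Number: |\Z)")
# The clue from the thread; \s* tolerates the line wrap before "UID =".
ADDED = re.compile(r"Rule (\d+): added 'security_rule' -\s*UID = (\{[0-9A-Fa-f-]+\})")

def field(record, name):
    m = re.search(rf"(?m)^{re.escape(name)}: (.*)$", record)
    return m.group(1).strip() if m else None

def rule_additions(text):
    """Return one dict per rule creation found in the audit records."""
    return [{"rule_uid": uid, "rule_number_logged": int(num),
             "policy": field(rec, "Performed On"), "admin": field(rec, "Administrator"),
             "when": f"{field(rec, 'Date')} {field(rec, 'Time')}",
             "record": field(rec, "Number")}
            for rec in RECORD.findall(text) for num, uid in ADDED.findall(rec)]

def who_created(text, rule_uid):
    """Look a rule up by its UID, as suggested in the thread."""
    return [a for a in rule_additions(text) if a["rule_uid"].lower() == rule_uid.lower()]
```

The rule number in each result is the number as logged at the time of the change; the UID is the value to match on.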
