[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Heads UP! Service Object Change, Don't Do it...
I am not sure if any one else has run into this problem but I did in a big way last night. I am a little new to checkpoint FW-1 and I also am trying to work through an inherited rule base that is + 75 rules. I am not trying to make an excuse just inform you as to my reason for some changes I was making. I was going through the rule base yesterday and making name change to the services objects. (i.e. if we had an object that was TCP based and doing something on a specific port, to make quick review of the rule base; I changed the object to read TCP-<port#>). In my over zealous attempt at simplification I also made the name change to all services, i.e. TCP-telnet by adding, TCP-telnet-<port#> and to the default objects. Again, this was done in the "Service Properties" window under the General- Name tab. All I added was the name <telnet-<port#>. No change was made to the Port number or the protocol type. The only thing that was added was the addition of the port # after the name. This may sound confusing and let me tell you, it was very confusing trying to figure it out. I guess you are never to change the default service objects. Being new and having graduated the checkpoint class I do not remember any one ever saying don't change the default objects. If any one knows where this is documented please let me know. If any one is even thinking about changing the object don't. I am not sure why a name change would effect the service but apparently it does. Hope this helps at least one person. Joseph L. Cosgriff ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|