About CMachado

Hi! Forgot to add that I'm actually using Firefox 🙂 ... View more

Oh, now I get it.   Maybe try opening and editing the rulebase file with Notepad++ and see if you can remove some of the rules from the original config and try to load it into Expedition. Another option would be to ask in the Check Mates community at community.checkpoint.com if there are any equivalents of the R80 commands in R77.   Best of luck. ... View more

Hey!   I think this has to do with the fact that Gaia pre-R80 handles files in a different format that R80+ (R80 is postgres). So, if you're migrating from R77 those commands won't work.   There is a selector on top of Expedition when you're importing the config that lets you choose whether the config comes from a pre-R80 or a R80+ system.   In the case of pre-R80, you will need these files:   Hope this helps!   ... View more

Good to hear!   Sorry I didn't get back to you sooner, but I got caught up with work. ... View more

Hi!   Usually, when you see "not-applicable" in the application field in traffic logs it means that the firewall is actually denying traffic based on legacy attributes like source and destination IPs and ports and not the next-generation attributes like the application. This is totally normal, because remember rules are applied from left to right, so the firewall first matches the legacy attributes in order to try to filter as much traffic as it can using the least resources possible. If traffic matches source and destination IPs and ports (and zones), then the firewall starts matching the application and other harder-to-identify elements like the URL category.   All of this is normal and it's done so the firewall doesn't waste resources trying to identify the application for a session that is going to be discarded (denied/dropped) anyways because it didn't pass the basic filtering (based on IPs and ports). So, unless you're having problems with legitimate traffic being dropped or denied way too early during processing and you're seeing "not-applicable" as a result of this, there nothing you should do, as your firewall is working as it should.   Useful docs on this: Not-applicable in Traffic Logs  Not-Applicable, Incomplete, Insufficient Data in the Application Field    Hope this helps! ... View more

Hi, Mónica. Try zipping the file and uploading it as if it were multiple files. Worked for me. ... View more

Oohhh, I see it now.   Thanks! I'll try it and let you know. ... View more

It won't fail over to the other ISP even if it determines that the routes from the downed ISP are not valid? (using static routes).   I mean, I thought it didn't matter how the VR acquired the routes (dinamically or statically). ... View more

Appreciate your reply!   I looked into some other routing protocols, but the customer wants to work with only certain established routes.   Reading more into ECMP, I think it will provide both the redundancy and load balancing the customer wants, since it will use all of the available routes and distribute the load between them, and will drop, as you mentioned, any route from a downed ISP and keep balancing the load between the available ones. ... View more

Hey, Reaper.   Thanks for replying.   1. I actually didn't disable ECMP for the tests, now that I think about it. Could we then say ECMP and PBF (for this use case) are mutually exclusive?   2. Is there a way to achieve both results? ISP redundancy in case any of the ISPs fail, but load balancing when both of them are ok.   I guess the real question is, if ECMP is balancing the load between routes, would it be able to assign the complete load to a surviving route in the case one of the ISPs fail? ... View more