FireWall-1 FAQ: What is Rule 0?
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
If a packet is dropped, but not as the result of a specific rule in the rulebase, it is usually dropped on Rule 0. There are several reasons why a packet might be dropped on Rule 0:
- Anti-spoofing violation. The connection may violate your anti-spoofing settings.
- Authentication failures. Whether or not this is logged is set in the Authentication tab of the Rulebase Properties.
- SYNDefender warning. This is disabled with the “Display Warning Messages” checkbox in the SYNDefender tab of the Rulebase Properties.
- SecuRemote authentication (successful ones). This is controlled on a per-user basis.
- A security feature in FireWall-1 is dropping the packet. The specific reason is listed in the Info field of the log entry. You can likely find this error by searching the FAQ.
Just saw the other day, while testing NG AI R55, that it would elaborate more on the reason this log was made.