Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
0
Helpful
4
Replies

PDM _real extension

dbourque
Level 1
Level 1

‎10-20-2005 02:48 PM - edited ‎03-09-2019 12:46 PM

I just start PDM on a production PIX that I had to take over and I can see a lot of objet with a _real and _real2 extension. Can't seem to find anything in the pdm doc about those objects that seem a duplication of existing object. What is it?

Please don't laught, I am much more confortable with a Checkpoint firewall...

Labels:
0 Helpful
4 Replies 4

jackko
Level 7
Level 7

‎10-20-2005 06:03 PM

just wondering if both _real and _real2 refer to the same ip address. if they are not the same, then i guess one is a private ip and the other one is a public ip.

if my assumption is correct, it's normal as defining objects in pix is different to checkpoint. with pix, an object is more like an ip address. thus providing a pc with two ip, you would need to create two object for the pc.

0 Helpful

dbourque
Level 1
Level 1
In response to jackko

‎10-20-2005 06:27 PM

It is the same object name (and same IP), just with a tag add to it. As if in doubt, the system duplicated the object.

Here for fun, all references to a group:

Notice the reference option in the PDM definition.

object-group network INSIDE_SRV_DC-EXCHANGE

description Ensemble des serveurs requis pour le service OWA

network-object host LEGRECO

network-object host RENOIR

network-object host CLLEXC01

network-object host MONET

network-object host SMAI50001P

network-object host SMAI50002P

network-object host SBQMAIL1

network-object host NTERSYS03

network-object host HLLEXC1

network-object host CLLEXC02

network-object host SCQEXC02

network-object host MTLEXC02

network-object host MTLEXC03

network-object host CHAEXC01

network-object host CHAEXCH02

network-object host SLVQ-MSX

network-object host SDOM50001P

network-object host SMAI50015P

network-object host SDOM50002P-LQ

network-object host SDOM50003P-LQ

network-object host SDOM50004P-500

network-object host SDOM50002P-500

object-group network INSIDE_SRV_DC-EXCHANGE_real

description Ensemble des serveurs requis pour le service OWA

network-object LEGRECO 255.255.255.255

network-object RENOIR 255.255.255.255

network-object CLLEXC01 255.255.255.255

network-object MONET 255.255.255.255

network-object host SMAI50001P

network-object host SMAI50002P

object-group network INSIDE_SRV_DC-EXCHANGE_real1

description Ensemble des serveurs requis pour le service OWA

network-object LEGRECO 255.255.255.255

network-object RENOIR 255.255.255.255

network-object CLLEXC01 255.255.255.255

network-object MONET 255.255.255.255

network-object SMAI50001P 255.255.255.255

network-object SMAI50002P 255.255.255.255

object-group network INSIDE_SRV_DC-EXCHANGE_real2

description Ensemble des serveurs requis pour le service OWA

network-object LEGRECO 255.255.255.255

network-object RENOIR 255.255.255.255

network-object CLLEXC01 255.255.255.255

network-object MONET 255.255.255.255

network-object SMAI50001P 255.255.255.255

network-object SMAI50002P 255.255.255.255

network-object SBQMAIL1 255.255.255.255

network-object NTERSYS03 255.255.255.255

network-object HLLEXC1 255.255.255.255

network-object CLLEXC02 255.255.255.255

network-object SCQEXC02 255.255.255.255

network-object MTLEXC02 255.255.255.255

network-object MTLEXC03 255.255.255.255

network-object CHAEXC01 255.255.255.255

network-object CHAEXCH02 255.255.255.255

network-object SLVQ-MSX 255.255.255.255

network-object SDOM50001P 255.255.255.255

network-object SMAI50015P 255.255.255.255

network-object SDOM50002P-LQ 255.255.255.255

network-object SDOM50003P-LQ 255.255.255.255

network-object SDOM50004P-500 255.255.255.255

network-object SDOM50002P-500 255.255.255.255

access-list ACL_SCZ permit tcp object-group SCZ_SRV_OWA object-group INSIDE_SRV_DC-EXCHANGE object-group SERVICE_OWA

access-list ACL_SCZ permit udp object-group SCZ_SRV_OWA object-group INSIDE_SRV_DC-EXCHANGE object-group SERVICE_OWA

pdm group INSIDE_SRV_DC-EXCHANGE_real inside

pdm group INSIDE_SRV_DC-EXCHANGE_real1 inside

pdm group INSIDE_SRV_DC-EXCHANGE_real2 inside

pdm group INSIDE_SRV_DC-EXCHANGE sczA reference INSIDE_SRV_DC-EXCHANGE_real2

0 Helpful

mgaysek
Level 1
Level 1
In response to dbourque

‎10-24-2005 05:38 AM

This is a bug with PDM. It tends to create duplicate object groups.

0 Helpful

ddarby1
Level 1
Level 1
In response to mgaysek

‎10-24-2005 06:11 AM

Interesting if it is a problem with PDM. It's a huge problem with VMS - it's always adding suffixes to object groups and access-lists.

Is this mentioned anywhere in PDM release notes, or perhaps a bug ID?

0 Helpful
Customers Also Viewed These Support Documents