Hi Team,
we have a lookup table in checkpoint app name checkpoint_actions_te.csv,
in that te_action is mapped against splunk action,
In te_action there are many action taken by checkpoint like deferred (allowed blocked ctl allow prevent monitor askdetect redirect detect drop ) and splunk action column contain (deferred,allowed,blocked)
please find below table
deferred deferred
allowed allowed
blocked blocked
ctl deferred
allow allowed
prevent blocked
monitor deferred
ask deferred
detect deferred
redirect deferred
detect deferred
drop blocked
reject blocked
as per my understanding deferred traffic is also allowed traffic need more clarification,
please share any reference question if already asked,
Thanking
... View more