Checkpoint Bug: Dynamic objects

Improper dynamic objects configuration causes antispoof action on Checkpoint firewall R77.20.


Situation:

Dynamic object was used in firewall policy, but it was not configured on Gaia level.


Behavior


1. Rule was not working :)
2. Other, not related traffic was blocked:
2.1. Session log was not generated
2.2. Checkpoint generated Address spoofing log with Detect action

Dynamic object feature didn't work but it also affected other traffic, but only there, where destination IP and port in packet where same as destination and service in ruleset. If we consider source as ANY then rule was matched. Generated log said "Address spoofing: detect" but traffic was in fact blocked.
Checkpoint should skip rule with dynamic object as there was obvious dynamic object misconfiguration.


Solution

Fixed in 77.30.