https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2256#M102656 <HTML><HEAD></HEAD><BODY><P>Please see the topics <A href="https://community.checkpoint.com/thread/1092">Layers in R80</A> and <A href="https://community.checkpoint.com/thread/1201">How do I create an Access Policy for Pre-R80 GWs?</A>&nbsp; for the list of the supported features.</P><P></P><P>R80 Management has the support for inline layers, however like you said, when using them for a pre-R80.10 GW, install policy will fail. </P><P></P><P>Setting an inline layer is done by clicking a rule's action and selecting the "Inline Layer" option. You can either select an existing layer (if it's marked as <A _jive_internal="true" href="https://community.checkpoint.com/thread/1091">shared</A>) or create a new one.</P><P></P><P><IMG alt="set-inline-layer.png" class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/52490_set-inline-layer.png" style="width: 620px; height: 174px;" /></P><P></P><P>The way that inline layers work is the following: When the connection matches a parent rule that its action is an inline layer, the inline layer rules get evaluated. </P><P></P><P>Every inline layer (and also every layer) has an implicit cleanup rule that is either "any any accept" or "any any drop" set in its properties under "advanced". This means that once you go inside an inline layer, you cannot go outside back to the main layer, therefore rules in the inline layer cannot block rules that reside below the parent rule that holds them. Giving an admin the permission to only edit an inline layer will not affect the main layer that holds it.</P><P></P><P>To see the list of all layers, open the Manage Layers view from this location:</P><P><IMG alt="open-manage-layers.png" class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/52491_open-manage-layers.png" style="width: 620px; height: 547px;" /></P></BODY></HTML> Wed, 27 Apr 2016 07:40:21 GMT Tomer_Sole 2016-04-27T07:40:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2255#M102655 <HTML><HEAD></HEAD><BODY><P>I know that inline layers are not supported for pre-R80 gateways, but can I even create them (for testing purposes) in R80 SmartConsole? It seems that only ordered layers are supported now?</P></BODY></HTML> Tue, 26 Apr 2016 16:33:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2255#M102655 Lari_Luoma 2016-04-26T16:33:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2256#M102656 <HTML><HEAD></HEAD><BODY><P>Please see the topics <A href="https://community.checkpoint.com/thread/1092">Layers in R80</A> and <A href="https://community.checkpoint.com/thread/1201">How do I create an Access Policy for Pre-R80 GWs?</A>&nbsp; for the list of the supported features.</P><P></P><P>R80 Management has the support for inline layers, however like you said, when using them for a pre-R80.10 GW, install policy will fail. </P><P></P><P>Setting an inline layer is done by clicking a rule's action and selecting the "Inline Layer" option. You can either select an existing layer (if it's marked as <A _jive_internal="true" href="https://community.checkpoint.com/thread/1091">shared</A>) or create a new one.</P><P></P><P><IMG alt="set-inline-layer.png" class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/52490_set-inline-layer.png" style="width: 620px; height: 174px;" /></P><P></P><P>The way that inline layers work is the following: When the connection matches a parent rule that its action is an inline layer, the inline layer rules get evaluated. </P><P></P><P>Every inline layer (and also every layer) has an implicit cleanup rule that is either "any any accept" or "any any drop" set in its properties under "advanced". This means that once you go inside an inline layer, you cannot go outside back to the main layer, therefore rules in the inline layer cannot block rules that reside below the parent rule that holds them. Giving an admin the permission to only edit an inline layer will not affect the main layer that holds it.</P><P></P><P>To see the list of all layers, open the Manage Layers view from this location:</P><P><IMG alt="open-manage-layers.png" class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/52491_open-manage-layers.png" style="width: 620px; height: 547px;" /></P></BODY></HTML> Wed, 27 Apr 2016 07:40:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2256#M102656 Tomer_Sole 2016-04-27T07:40:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2257#M102657 <HTML><HEAD></HEAD><BODY><P>Query: when we add the Target gateway in the InLine layer then we need to explicitly add the same targets in the rules inside? I think we need not as the InLine says for which target the rules are also even if we add any other gateway as the target inside then it will not work (traffic will not match the Inline).</P><P></P><P>Is my understanding correct?</P><P></P><P>Thanks</P></BODY></HTML> Thu, 21 Feb 2019 06:51:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2257#M102657 Mohammed_Omin_B 2019-02-21T06:51:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2258#M102658 <HTML><HEAD></HEAD><BODY><P>No, that is not necessary to do.</P><P>In fact, it would be redundant to do so and make it difficult to reuse the layer on a different gateway.</P></BODY></HTML> Sun, 24 Feb 2019 02:45:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Inline-Layers/m-p/2258#M102658 PhoneBoy 2019-02-24T02:45:05Z