https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37289#M3059 <HTML><HEAD></HEAD><BODY><P>Uhmmm... but this case does not sounds like a not common case.</P><P></P><P>If it was a common case, we will not have a SK to this kind of situation...</P></BODY></HTML> Fri, 06 Jul 2018 23:16:51 GMT Jones_Jardel_Po 2018-07-06T23:16:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37280#M3050 <HTML><HEAD></HEAD><BODY><P>Is it possible to copy all firewall, QoS rules from a simplified policy to a traditional policy?</P></BODY></HTML> Fri, 06 Jul 2018 15:41:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37280#M3050 Jones_Jardel_Po 2018-07-06T15:41:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37281#M3051 <HTML><HEAD></HEAD><BODY><P>Traditional Mode policies have been discouraged since at least NG (R5x) versions.</P><P>In R80, the ability to create new Traditional Mode policies was removed and isn't coming back.</P><P></P><P>What's the real problem you're trying to solve?</P><P>Let's find a way to solve that in a way that doesn't involve Traditional Mode policies.</P></BODY></HTML> Fri, 06 Jul 2018 16:57:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37281#M3051 PhoneBoy 2018-07-06T16:57:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37282#M3052 <HTML><HEAD></HEAD><BODY><P>Hello Dameon,</P><P></P><P>Thank you first.</P><P></P><P>I have a IPsec VPN established and I need to forward all Internet traffic to this tunnel, but only one internal subnet must be affected on tihs.</P><P></P><P>How can I do this using communities?</P></BODY></HTML> Fri, 06 Jul 2018 17:25:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37282#M3052 Jones_Jardel_Po 2018-07-06T17:25:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37283#M3053 <HTML><HEAD></HEAD><BODY><P>This exact problem (and solution) is here:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86582&amp;partition=Advanced&amp;product=IPSec" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86582&amp;partition=Advanced&amp;product=IPSec">Excluding subnets in encryption domain from accessing a specific VPN community</A>&nbsp;</P></BODY></HTML> Fri, 06 Jul 2018 19:59:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37283#M3053 PhoneBoy 2018-07-06T19:59:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37284#M3054 <HTML><HEAD></HEAD><BODY><P>Thank you Dameon.</P><P></P><P>I want to send to that tunnel only requests from 192.168.1.0/24 going to the Internet (example);</P><P></P><P>Thinking on that, I will need to exclude all my internal subnets going to the Internet, example:</P><P></P><PRE style="color: #000000; background-color: #ffffff; font-size: 14px;">// // User defined INSPECT code //&nbsp; vpn_exclude_src={&lt;192.168.1.1,192.168.1.254&gt;}; vpn_exclude_dst={&lt;I need to put all Internet IPs here?&gt;};&nbsp; #ifndef IPV6_FLAVORipv #define NON_VPN_TRAFFIC_RULES ((src in vpn_exclude_src) and (dst in vpn_exclude_dst)) #else #define NON_VPN_TRAFFIC_RULES 0 #endif</PRE><P></P><P>So, I'll need to put all Internet IPs on&nbsp;vpn_exclude_dst?</P></BODY></HTML> Fri, 06 Jul 2018 22:18:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37284#M3054 Jones_Jardel_Po 2018-07-06T22:18:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37285#M3055 <HTML><HEAD></HEAD><BODY><P>Correct.</P><P>All IPs can be represented using the range specified in the All_Internet object, which is &lt;0.0.0.0,255.255.255.255&gt;.</P></BODY></HTML> Fri, 06 Jul 2018 22:32:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37285#M3055 PhoneBoy 2018-07-06T22:32:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37286#M3056 <HTML><HEAD></HEAD><BODY><P>Thanks</P></BODY></HTML> Fri, 06 Jul 2018 22:36:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37286#M3056 Jones_Jardel_Po 2018-07-06T22:36:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37287#M3057 <HTML><HEAD></HEAD><BODY><P><SPAN>And a curious thing: why Check Point does not put this kind of configuration&nbsp;</SPAN><SPAN>in</SPAN><SPAN><SPAN>&nbsp;</SPAN>the Smart Dashboard?</SPAN></P></BODY></HTML> Fri, 06 Jul 2018 22:40:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37287#M3057 Jones_Jardel_Po 2018-07-06T22:40:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37288#M3058 <HTML><HEAD></HEAD><BODY><SPAN>If I had to guess, it's because it's not a common use case.</SPAN><P class="">I personally hadn't heard of this specific use case before.</P></BODY></HTML> Fri, 06 Jul 2018 22:51:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37288#M3058 PhoneBoy 2018-07-06T22:51:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37289#M3059 <HTML><HEAD></HEAD><BODY><P>Uhmmm... but this case does not sounds like a not common case.</P><P></P><P>If it was a common case, we will not have a SK to this kind of situation...</P></BODY></HTML> Fri, 06 Jul 2018 23:16:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37289#M3059 Jones_Jardel_Po 2018-07-06T23:16:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37290#M3060 <HTML><HEAD></HEAD><BODY><SPAN>SKs exist for both common and uncommon issues.</SPAN></BODY></HTML> Fri, 06 Jul 2018 23:40:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Policies-in-Traditional-and-Simplified-mode/m-p/37290#M3060 PhoneBoy 2018-07-06T23:40:51Z