
Policies in Traditional and Simplified mode


Is it possible to copy all firewall, QoS rules from a simplified policy to a traditional policy?


Re: Policies in Traditional and Simplified mode


Traditional Mode policies have been discouraged since at least NG (R5x) versions.

In R80, the ability to create new Traditional Mode policies was removed and isn't coming back.

What's the real problem you're trying to solve?

Let's find a way to solve that in a way that doesn't involve Traditional Mode policies.

Re: Policies in Traditional and Simplified mode


Hello Dameon,

Thank you first.

I have an IPsec VPN established and I need to forward all Internet traffic to this tunnel, but only one internal subnet must be affected by this.

How can I do this using communities?


Re: Policies in Traditional and Simplified mode


Thank you Dameon.

I want to send to that tunnel only requests from 192.168.1.0/24 going to the Internet (example);

Thinking on that, I will need to exclude all my internal subnets going to the Internet, example:

    //
    // User defined INSPECT code
    //

    vpn_exclude_src={<192.168.1.1,192.168.1.254>};
    vpn_exclude_dst={<I need to put all Internet IPs here?>};

    #ifndef IPV6_FLAVOR
    #define NON_VPN_TRAFFIC_RULES ((src in vpn_exclude_src) and (dst in vpn_exclude_dst))
    #else
    #define NON_VPN_TRAFFIC_RULES 0
    #endif

So, I'll need to put all Internet IPs on vpn_exclude_dst?


Re: Policies in Traditional and Simplified mode


Correct.

All IPs can be represented using the range specified in the All_Internet object, which is <0.0.0.0,255.255.255.255>.
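An added example, not part of the thread and not Check Point code: a small Python model of the `NON_VPN_TRAFFIC_RULES` predicate that parses the two tables in the syntax posted above and evaluates them against a few flows. It assumes a flow matching the predicate is left out of the tunnel and covers only the IPv4 branch; the flow addresses are constructed, with 203.0.113.7 standing for an Internet host and 172.16.5.20 for a hypothetical host behind the VPN peer.

```python
import ipaddress
import re

# The thread's two tables, with the all-addresses range from the reply filled in.
CRYPT_DEF = """
vpn_exclude_src={<192.168.1.1,192.168.1.254>};
vpn_exclude_dst={<0.0.0.0,255.255.255.255>};
"""

def parse_tables(text):
    """Return {table_name: [(first, last), ...]} with inclusive integer bounds."""
    tables = {}
    for name, body in re.findall(r"(\w+)\s*=\s*\{(.*?)\}\s*;", text, re.S):
        ranges = []
        for lo, hi in re.findall(r"<\s*([\d.]+)\s*,\s*([\d.]+)\s*>", body):
            first = int(ipaddress.IPv4Address(lo))
            last = int(ipaddress.IPv4Address(hi))
            if first > last:
                raise ValueError(f"{name}: range <{lo},{hi}> is reversed")
            ranges.append((first, last))
        tables[name] = ranges
    return tables

def in_table(addr, ranges):
    # Membership test against inclusive <first,last> ranges.
    value = int(ipaddress.IPv4Address(addr))
    return any(first <= value <= last for first, last in ranges)

def non_vpn_traffic(src, dst, tables):
    """Model of ((src in vpn_exclude_src) and (dst in vpn_exclude_dst))."""
    return in_table(src, tables["vpn_exclude_src"]) and in_table(dst, tables["vpn_exclude_dst"])

TABLES = parse_tables(CRYPT_DEF)

# Constructed flows (source, destination) used to exercise the predicate,
# including the edge of the source range (.255 is outside <.1,.254>).
FLOWS = [
    ("192.168.1.10", "203.0.113.7"),
    ("192.168.1.10", "172.16.5.20"),
    ("192.168.2.10", "203.0.113.7"),
    ("192.168.1.255", "203.0.113.7"),
]

def evaluate(flows=FLOWS, tables=TABLES):
    return [(s, d, non_vpn_traffic(s, d, tables)) for s, d in flows]

if __name__ == "__main__":
    for src, dst, excluded in evaluate():
        print(f"{src:>15} -> {dst:<15} NON_VPN_TRAFFIC_RULES={int(excluded)}")
```

With `vpn_exclude_dst` spanning every address, the predicate depends on the source alone, so the second flow (to the host behind the VPN peer) matches as well. Addresses .0 and .255 of the subnet fall outside the posted source range and do not match.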

Re: Policies in Traditional and Simplified mode


Thanks


Re: Policies in Traditional and Simplified mode


And a curious thing: why does Check Point not put this kind of configuration in SmartDashboard?


Re: Policies in Traditional and Simplified mode

If I had to guess, it's because it's not a common use case.

I personally hadn't heard of this specific use case before.


Re: Policies in Traditional and Simplified mode


Uhmmm... but this case does not sound like an uncommon case.

If it was a common case, we would not have an SK for this kind of situation...


Re: Policies in Traditional and Simplified mode

SKs exist for both common and uncommon issues.