- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi Admin,
I have a question. What does implied rule number 0 means? When a traffic is accepted and logged via Implied Rule number 0, does that mean the traffic has a session?
Thanks
The following resources should help with your understanding:
https://support.checkpoint.com/results/sk/sk17745
@Capt_Mundo wrote: LiveTheOrangeLifeHi Admin,
I have a question. What does implied rule number 0 means? When a traffic is accepted and logged via Implied Rule number 0, does that mean the traffic has a session?
Thanks
Hello,
Implied Rule number 0 is a concept used in some firewall configurations. It refers to the default rule that allows traffic that doesn't match any explicit rules to be accepted and logged. When traffic is accepted and logged via Implied Rule number 0, it means that the firewall allowed the traffic because there was no specific rule to block it.
I hope this may be right answer.
Best regard,
Kristen
Handy to know
I have a stealth rule in place which is blocking outside to inside unknown traffic. but yesterday morning the firewall received a traffic from an unknown malware site and accepted/passed that malware site through an implied rule. I wonder how is it possible.
The last sentence is not true - when traffic is accepted and logged via Implied Rule, no further inspection by the FW is done, no matter if there is a specific rule to block it or not. Sounds like ChatGPT to me...
I know this is a old post. But I just wanted to correct the above statement:
When traffic is accepted and logged via Implied Rule number 0, it means that the firewall allowed the traffic because there was no specific rule to block it.
This is not the case, at least not with Check Point. Implied Rules on Check Point will match as rule 0, that is correct. But as the name implies, rule 0 comes before your explicit rules. This traffic won't get blocked by you creating rules to block it, as the traffic will always match rule 0 first.
:18190 for instance is SIC and is accepted in implied rules by default as part of "Control Connections". Unless you override and disable this, you won't be able to block TCP-18190. Even if you create rule 1 saying src:any, dst:any, service:tcp-18190, action:drop, you would still not be dropping any TCP-18190 traffic, because it's matching and being accepted in rule 0.
absolutely right
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 22 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 2 | |
| 2 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY