- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Given that a lot of the functionality that layers provides won't actually be available until R80 Gateway is released, I'm trying to understand what benefits someone might achieve by using layered policies before R80 Gateway becomes available, if they even can.
I understand some of the R7x functionality today (e.g. IPS, Threat Prevention, App Control/URL Filtering) will map to fixed layers in the new policy-layers that can be changed once R80 gateway becomes available.
Can anyone explain to me at a high level how this works?
Please find the list of functionality that is given for Pre-R80 and R80.10 Gateways in the thread Layers in R80 . There are new benefits for all Gateway versions with layers, such as permissions per layer, and sharing of the same layer across multiple policies. The linked topic also explains how layers work in both Access Control and Threat Prevention worlds.
Please find the list of functionality that is given for Pre-R80 and R80.10 Gateways in the thread Layers in R80 . There are new benefits for all Gateway versions with layers, such as permissions per layer, and sharing of the same layer across multiple policies. The linked topic also explains how layers work in both Access Control and Threat Prevention worlds.
That definitely helped.
Assuming all blades, can you explain what order the different layers are evaluated in?
For Access Control, Ordered layers are enforced this way: When the Gateway matches a rule in a layer, it starts to evaluate the rules in the next layer.
For Threat Prevention, the different layers are evaluated on top of each other: Threat Prevention completes IPS in the same scopes. If there are contradicting rules in the different layers (functionality available for R80.10 Gateways and above), earliest layers take precedence.
That doesn't answer my question.
I'm asking specifically about the individual layers (i.e. what do we call them) and the exact order they are evaluated in (assuming I match an "allow" in each one).
Supposed that we have the 3 ordered layers as configured in the images below.
If a user inside Network51 attempts to access the IIS_Host through a gambling site in HTTPS, this is what the Gateway will evaluate:
- first, it will evaluate the rules in layer 1 "Network" and find an accept match at rule 3.
- then, because this is an "accept" match, it will evaluate the rules in layer 2 "Applications". It will match at the drop rule 1. Because this is a "drop" rule, the next ordered layers will not be evaluated at all and the connection will be dropped.
Hope this helps

Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 19 | |
| 8 | |
| 6 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 2 |
Thu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealThu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASETue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeThu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY