
Negate Cell ACL

Hello All,

I'm reviewing the current configuration in a Check Point firewall and I see some negate cells in the ACLs.

Can somebody explain to me what it means?

My understanding is that it allows everything other than the negated cell, for instance:

src            dst                          Action
10.10.0.1      172.16.2.71 (Negate cell)    Allow

Is there a way to query the config to see all the negate rules?

Regards,

Reinaldo


Re: Negate Cell ACL

Negate cells are very useful: they do as you say, anything but the content of the cell is allowed/denied (depending on the action).

We use this a lot for inbound access from the internet and outbound to the internet. Just put RFC1918 in the source for inbound traffic and negate the RFC1918 cell, allowing inbound only from anything but the internal RFC1918 ranges. Same for outbound: just put RFC1918 in the destination and negate the cell. That way you prevent any traffic to other RFC1918 ranges connected to the FW as DMZs.

Regards, Maarten

Re: Negate Cell ACL

Hi Reinaldo,

Negate cells are very important in situations where you want to allow/deny anything but one particular group.

As said earlier, you can negate RFC1918 (the private IP address ranges) for inbound/outbound connections. But when you add RFC1918 and then add any other group, that will be negated automatically, as the actions are cell specific, so they apply to the entire cell. And the group that you negate will get negated only in that rule; if it is used in any other rule, it will remain a normal object.

Admin

Re: Negate Cell ACL

As far as I know, there is no way to query the rulebase to see where a negate cell is used, which could actually be in any one of Source, Destination, or Services / Applications.

As others have stated, it is used to mean "everything except what is listed in that cell."

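To make the semantics described in the replies concrete (a negated cell matches "everything except what is listed in that cell", and the flag belongs to one cell of one rule, not to the object), here is an added Python model of a small rulebase built from Maarten's RFC1918 example and the 172.16.2.71 host from the question. It is illustration code, not Check Point's own rule engine or API; the first-match-wins order, the implicit final drop and the sample addresses are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# RFC1918 group object as used in Maarten's reply (constructed for this example).
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

@dataclass
class Cell:
    """One cell of a rule. members=None models the 'Any' object."""
    members: Optional[tuple] = None
    negate: bool = False   # the 'Negate Cell' flag belongs to this cell only

    def contains(self, value: str) -> bool:
        if self.members is None:
            return True
        try:
            ip = ip_address(value)
            return any(ip in ip_network(m) for m in self.members)
        except ValueError:            # not an IP address: treat it as a service name
            return value in self.members

    def matches(self, value: str) -> bool:
        # A negated cell matches everything EXCEPT what is listed in it.
        return not self.contains(value) if self.negate else self.contains(value)

@dataclass
class Rule:
    name: str
    src: Cell
    dst: Cell
    svc: Cell
    action: str

def evaluate(rulebase, src: str, dst: str, svc: str) -> str:
    """First matching rule wins; no match falls through to an implicit drop (assumed)."""
    for r in rulebase:
        if r.src.matches(src) and r.dst.matches(dst) and r.svc.matches(svc):
            return r.action
    return "Drop"

# Rulebase modelled on the thread: inbound HTTPS to the DMZ host from anything but
# RFC1918, outbound from RFC1918 to anything but RFC1918, then a cleanup rule.
# The same RFC1918 object is negated in one cell and used normally in another.
RULEBASE = [
    Rule("inbound-dmz", Cell(RFC1918, negate=True), Cell(("172.16.2.71/32",)),
         Cell(("https",)), "Accept"),
    Rule("outbound", Cell(RFC1918), Cell(RFC1918, negate=True), Cell(), "Accept"),
    Rule("cleanup", Cell(), Cell(), Cell(), "Drop"),
]
```

Evaluating `("10.10.0.1", "172.16.2.71", "https")` against this rulebase returns Drop: the inbound rule excludes the private source and the outbound rule excludes the private destination, which is the behaviour the question's table describes.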