This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Advisor
‎2024-08-11 11:04 AM

Best Practice for Data Center and Perimeter Firewall blades to enable

Hi All,

I want to follow best practices for enabling blades on perimeter and data center firewalls, given that Sandblast license has been acquired. what is the best practice to be enabled on Data center and Perimeter security gateway.

Thanks,

0 Kudos
7 Replies
Lesley
MVP Gold
MVP Gold
‎2024-08-11 11:46 AM

Depends on the blades, what blades you want to enable? Are you going to https inspection? What will the dc firewall protect? Servers, shares etc? And perimeter, only internet access or servers in DMZ? What licenses you have know purchased? What hardware we are talking about, is it maybe Maestro or VSX?

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
Ihenock1011
Advisor
‎2024-08-11 12:01 PM
In response to Lesley

DC Firewall Protects the server farm while the perimeter gateway will protect the external facing servers and Internet. HA mode SG hardware appliance.

0 Kudos
Lesley
MVP Gold
MVP Gold
‎2024-08-11 12:21 PM
In response to Ihenock1011

And this? Depends on the blades, what blades you want to enable? Are you going to https inspection? What licenses you have now purchased? 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
Ihenock1011
Advisor
‎2024-08-11 01:00 PM
In response to Lesley

Sandblast License. I want to know which blades should be enabled based on best practices for perimeter and data center security gateways.

0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2024-08-11 01:19 PM
In response to Ihenock1011

If you have all licenses and powerfull appliances you can enable all blades. Maybe you need some features only on one of the firewalls you can disable these, meaning as an example MobileAccessBlade only on perimeter firewall.

The answer is like a lot of other questions…. It depends 😉 

Lesley
MVP Gold
MVP Gold
‎2024-08-11 01:22 PM
In response to Ihenock1011

Really depends on the network. For example if you do not have mail servers in dc or on perimeter then there is no point checking for the Anti-spam blade or the MTA setup. Or if you do not have SMB shares then you can skip that in the inspection for AV blade(and other blades) Same for FTP. 

I don't think there is a general advice like 'if you must protect DC enable the following blades' Because you can have anything or almost nothing in a DC. Personally, I would go for all the threat prevention blades in combi with app and URL filtering. (Of course HTTS inspection, very important)

-------
Please press "Accept as Solution" if my post solved it 🙂
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-08-11 04:40 PM

Exploring Autonomous Threat Prevention (sk163593) is also an option to help manage the configuration.

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events