This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Collaborator
2 weeks ago

Best Practice for Expired rule

Hi All,

I'm interested in learning best practices for handling time-based firewall rules. In a scenario where a rule is set to automatically expire after a specific timeframe (e.g., 3 days), what's the recommended approach: deleting the rule or keeping it for audit purposes?

Thanks

3 Replies
the_rock
Legend
Legend
2 weeks ago

I always advise people to disable it for the time being and push policy, so that way if audit happens, at least its there, but not active. Then, you can delete it afterwards.

Andy

Lesley
Advisor
Advisor
2 weeks ago

Depends on the audit. Both ways are good in my opinion.

Clean them up makes the rulebase more clean and better overview. 

Also it is in general recommended to remove 0 hit or disabled rules and clean them up.

But on the other side if traffic has been allowed in the past and you have to show the rule that allowed the traffic you need to still have it. 

You can put the expired time rules within a special section title. Then at least you have them in one spot and with one click you can hide them. 

Some audits require you to keep data for years so it all depends in the audit. 

Btw audits go hand in hand with the compliance blade. With this blade you can select certain ISO etc's you want to reflect and it will check the firewall setup. Most of them show that you have to clean disabled and 0 hit rules. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend
Legend
2 weeks ago
In response to Lesley

All valid points.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events