RemoteUser
Advisor

Connection Persistence

Can someone please explain the purpose of the following Connection Persistence settings on gateways?

  1. Keep all connections

  2. Keep data connections

  3. Rematch connections

Thanks a lot 


Accepted Solutions
Chris_Atkinson
MVP Gold CHKP

Connection Persistence

Getting here - Gateway Properties > Other > Connection persistence

What can I do here?

In this window you can determine how the Check Point Security Gateway treats existing connections when a security policy is installed.


What background information do I need to know?

Check Point Security Gateway provides the best combination between security and connectivity, thereby maintaining maximum connectivity without compromising security.

In Check Point Security Gateway Stateful Inspection, a packet is matched against the security policy Rule Base only when a new connection is established.

If the Action for a matched connection is Accept, then an entry is created in the connections table so all future packets that belong to this connection are accepted without referring to the policy.

When a new policy is installed, existing connections are marked as "old". When a new packet that belongs to an "old" connection is encountered, it is matched against the policy. If the policy match result is Accept, the entry will revert back to a normal state and the connection will continue uninterrupted. If the result is Drop or Reject then the packet is dropped and the connection entry is deleted from the table.


Tell me about the fields...

  • Keep all connections keeps all control and data connections open until the connections have ended. The newly installed policy will be enforced only for new connections.
  • Keep Data Connections keeps all data connections open until the connections have ended. Control connections that are not allowed under the new policy will be terminated.
  • Rematch Connections means that all connections not allowed under the new policy will be terminated, unless the service has "Keep connections open after policy has been installed" enabled in the Service Properties window.
CCSM R77/R80/ELITE
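
A simplified model of the behaviour described in the answer above, as an added example that is not part of the original post and is not Check Point code. It assumes the policy can be reduced to a set of accepted service names; the class, function and mode names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Conn:                      # constructed sample connection entry
    service: str
    kind: str                    # "control" or "data"
    old: bool = False            # set when a policy is installed

class Gateway:
    def __init__(self, mode, allowed, keep_open=()):
        self.mode = mode                 # "keep_all" | "keep_data" | "rematch"
        self.allowed = set(allowed)      # services the current policy accepts
        self.keep_open = set(keep_open)  # services flagged to stay open after install
        self.table = []                  # connections table

    def open(self, conn):
        # A new connection is always matched against the Rule Base.
        if conn.service in self.allowed:
            self.table.append(conn)
            return True
        return False

    def install_policy(self, allowed):
        self.allowed = set(allowed)
        for c in self.table:             # existing entries are marked "old"
            c.old = True

    def packet(self, conn):
        """Return True if a packet on an existing connection is accepted."""
        if not any(c is conn for c in self.table):
            return False
        if not conn.old:
            return True                  # normal entry: no policy lookup
        exempt = (self.mode == "keep_all"
                  or (self.mode == "keep_data" and conn.kind == "data")
                  or (self.mode == "rematch" and conn.service in self.keep_open))
        if exempt or conn.service in self.allowed:
            conn.old = False             # entry reverts to the normal state
            return True
        self.table = [c for c in self.table if c is not conn]  # entry deleted
        return False

def survivors(mode, keep_open=()):
    """Connections still alive after a policy that stops accepting ftp."""
    gw = Gateway(mode, {"ftp", "ssh"}, keep_open)
    conns = [Conn("ftp", "control"), Conn("ftp", "data"), Conn("ssh", "control")]
    for c in conns:
        gw.open(c)
    gw.install_policy({"ssh"})
    return [(c.service, c.kind) for c in conns if gw.packet(c)]
```

Calling `survivors("keep_all")`, `survivors("keep_data")` and `survivors("rematch")` shows which of the three sample connections outlive the policy install in each mode; under `keep_all` the ftp connections persist even though the new policy rejects new ftp connections.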

Chris_Atkinson
MVP Gold CHKP

Please review sk103598 and let me know if it is helpful for you.

CCSM R77/R80/ELITE
RemoteUser
Advisor

To be honest, I didn't understand much from this sk

RemoteUser
Advisor

Thank you very much!!
