This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
‎2025-06-30 02:38 AM
Jump to solution

Connectione Persistence

Can someone please explain the purpose of the following Connection Persistence settings on gateways?

  1. Keep all connections

  2. Keep data connections

  3. Rematch connections

Thanks a lot 

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-06-30 03:10 AM
In response to RemoteUser
Jump to solution

Connection Persistence

Getting here - Gateway Properties > Other > Connection persistence

What can I do here?

In this window you can determine how the Check Point Security Gateway treats existing connections when a security policy is installed.


What background information do I need to know?

Check Point Security Gateway provides the best combination between security and connectivity, thereby maintaining maximum connectivity without compromising security.

In Check Point Security Gateway Stateful Inspection, a packet is matched against the security policy Rule Base only when a new connection is established.

If the Action for a matched connection is Accept, then an entry is created in the connections table so all future packets that belong to this connection are accepted without referring to the policy.

When a new policy is installed, existing connections are marked as "old". When a new packet that belongs to an "old" connection is encountered, it is matched against the policy. If the policy match result is Accept, the entry will revert back to a normal state and the connection will continue uninterrupted. If the result is Drop or Reject then the packet is dropped and the connection entry is deleted from the table.


Tell me about the fields...

  • Keep all connections keeps all control and data connections open until the connections have ended. The newly installed policy will be enforced only for new connections.
  • Keep Data Connections keeps all data connections open until the connections have ended. Control connections that are not allowed under the new policy will be terminated.
  • Rematch Connections means that all connections not allowed under the new policy will be terminated, unless the service has Keep connections open after policy has been installed is enabled in the Service Properties window.
CCSM R77/R80/ELITE

View solution in original post

0 Kudos
4 Replies
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-06-30 02:53 AM
Jump to solution

Please review sk103598 and let me know if it is helpful for you.

CCSM R77/R80/ELITE
0 Kudos
RemoteUser
Advisor
‎2025-06-30 03:04 AM
In response to Chris_Atkinson
Jump to solution

To be honest, I didn't understand much from this sk

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-06-30 03:10 AM
In response to RemoteUser
Jump to solution

Connection Persistence

Getting here - Gateway Properties > Other > Connection persistence

What can I do here?

In this window you can determine how the Check Point Security Gateway treats existing connections when a security policy is installed.


What background information do I need to know?

Check Point Security Gateway provides the best combination between security and connectivity, thereby maintaining maximum connectivity without compromising security.

In Check Point Security Gateway Stateful Inspection, a packet is matched against the security policy Rule Base only when a new connection is established.

If the Action for a matched connection is Accept, then an entry is created in the connections table so all future packets that belong to this connection are accepted without referring to the policy.

When a new policy is installed, existing connections are marked as "old". When a new packet that belongs to an "old" connection is encountered, it is matched against the policy. If the policy match result is Accept, the entry will revert back to a normal state and the connection will continue uninterrupted. If the result is Drop or Reject then the packet is dropped and the connection entry is deleted from the table.


Tell me about the fields...

  • Keep all connections keeps all control and data connections open until the connections have ended. The newly installed policy will be enforced only for new connections.
  • Keep Data Connections keeps all data connections open until the connections have ended. Control connections that are not allowed under the new policy will be terminated.
  • Rematch Connections means that all connections not allowed under the new policy will be terminated, unless the service has Keep connections open after policy has been installed is enabled in the Service Properties window.
CCSM R77/R80/ELITE
0 Kudos
RemoteUser
Advisor
‎2025-06-30 04:22 AM
In response to Chris_Atkinson
Jump to solution

tank you very much!!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events