This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
LostBoY
Advisor
‎2020-05-27 10:19 AM

Define Policy - Best Practices

Hello,

When we deploy new firewalls there is a Standard Policy created.

Is it a best practice to create rules in the same standard policy or a separate policy should be created ?

If a separate policy is to be created than what is the Standard Policy used for ? 

 

Thanks

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-05-27 01:24 PM

In a fresh installation, you need to have some policy package to start with.
Why the name Standard was chosen as the name, not sure.
It goes back to the beginnings of the product.
Whether you use the Standard policy package or create a different one to out your rules in, it's really up to you.
Generally people will create a new one with a more meaningful name.
HeikoAnkenbrand
Champion
Champion
‎2020-05-27 11:51 PM

Hi @LostBoY 

After a "fresh install" the default policy ensures that access to the firewall is restricted:

source      destination     service
--------------------------------
any            fw                     443               GAIA WebGUI
any            fw                     22                 SSH
any            fw                     18191           Policy Install / SIC
any            fw                     18192           CPD_amon  (I'm not sure here anymore)
any            fw                     18211           CP_ica_push

More to communication ports here:
R80.x Ports Used for Communication by Various Check Point Modules

 

 

0 Kudos
Labels