This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LostBoY
Advisor
‎2020-05-27 10:19 AM

Define Policy - Best Practices

Hello,

When we deploy new firewalls there is a Standard Policy created.

Is it a best practice to create rules in the same standard policy or a separate policy should be created ?

If a separate policy is to be created than what is the Standard Policy used for ? 

 

Thanks

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-05-27 01:24 PM

In a fresh installation, you need to have some policy package to start with.
Why the name Standard was chosen as the name, not sure.
It goes back to the beginnings of the product.
Whether you use the Standard policy package or create a different one to out your rules in, it's really up to you.
Generally people will create a new one with a more meaningful name.
HeikoAnkenbrand
Champion
Champion
‎2020-05-27 11:51 PM

Hi @LostBoY 

After a "fresh install" the default policy ensures that access to the firewall is restricted:

source      destination     service
--------------------------------
any            fw                     443               GAIA WebGUI
any            fw                     22                 SSH
any            fw                     18191           Policy Install / SIC
any            fw                     18192           CPD_amon  (I'm not sure here anymore)
any            fw                     18211           CP_ica_push

More to communication ports here:
R80.x Ports Used for Communication by Various Check Point Modules

 

 


➜ CCSM Elite, CCME, CCTE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events