
Difference between interface based and zone based firewall?

I'd like to know the difference between an interface-based and a zone-based firewall.

0 Kudos
1 Reply

It comes down to how the policy is defined.

In a zone-based firewall I can say "everything that comes from this interface should be treated this way" without worrying about the IP addresses at all.

You can achieve the same thing in an interface-based firewall, but you have to know (and define) every IP address reachable from that firewall.

Which, in complex environments with dynamic routing, can be a challenge.

Check Point did not support using zones in the firewall policy until R80.10 (except on SMB appliances, where this has been supported for a while). 

However, even in R80.10, interface Anti-spoofing and NAT rules still have to be defined in terms of IP addresses--something that should be addressed in future releases. 
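
An added illustration of the reply above (not Check Point configuration and not part of the original post): a toy policy evaluator comparing one zone rule with its address-enumerated equivalent when dynamic routing brings a new subnet behind the internal interface. The interface names, zone names and subnets are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): which zone each interface belongs to.
IFACE_ZONE = {"eth0": "external", "eth1": "internal", "eth2": "dmz"}

# Zone-based policy: (source zone, destination zone, action).
ZONE_RULES = [("internal", "dmz", "accept")]

# Address-based equivalent: every network behind the interface is listed by hand.
ADDR_RULES = [(["10.1.0.0/16"], ["192.0.2.0/24"], "accept")]


def zone_decision(in_iface, out_iface):
    """Match on the zones of the ingress/egress interfaces; addresses are ignored."""
    pair = (IFACE_ZONE[in_iface], IFACE_ZONE[out_iface])
    for src_zone, dst_zone, action in ZONE_RULES:
        if (src_zone, dst_zone) == pair:
            return action
    return "drop"  # implicit cleanup rule


def addr_decision(src_ip, dst_ip):
    """Match source/destination addresses against the enumerated networks."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for srcs, dsts, action in ADDR_RULES:
        if (any(src in ipaddress.ip_network(n) for n in srcs)
                and any(dst in ipaddress.ip_network(n) for n in dsts)):
            return action
    return "drop"  # implicit cleanup rule


def divergent_flows(flows):
    """Return the flows on which the two policy styles disagree."""
    return [f for f in flows
            if zone_decision(f[0], f[1]) != addr_decision(f[2], f[3])]


# Constructed flows: (ingress iface, egress iface, source IP, destination IP).
# 10.2.0.0/16 is a subnet newly learned via dynamic routing behind eth1.
FLOWS = [
    ("eth1", "eth2", "10.1.5.9", "192.0.2.10"),
    ("eth1", "eth2", "10.2.0.7", "192.0.2.10"),
    ("eth0", "eth2", "198.51.100.4", "192.0.2.10"),
]

if __name__ == "__main__":
    for f in divergent_flows(FLOWS):
        print(f, "zone:", zone_decision(f[0], f[1]), "addr:", addr_decision(f[2], f[3]))
```

The zone rule never inspects the source address, so it relies on per-interface anti-spoofing, which the reply notes is still defined by IP address in R80.10.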

