This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
yoganand_i
Explorer
‎2017-07-14 11:33 PM

Difference between interface based and zone based firewall?

like to know the difference between interface based and zone based firewall

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2017-07-15 08:54 AM

It comes down to how the policy is defined.

In a zone-based firewall I can say "everything that comes from this interface should be treated this way" without worrying about the IP addresses at all.

You can achieve the same thing in an interface-based firewall, but you have to know (and define) every IP address reachable from that firewall.

Which, in complex environments with dynamic routing, can be a challenge.

Check Point did not support using zones in the firewall policy until R80.10 (except on SMB appliances, where this has been supported for a while). 

However, even in R80.10, interface Anti-spoofing and NAT rules still have to be defined in terms of IP addresses--something that should be addressed in future releases.