This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Help
yoganand_i
yoganand_i
Ivory
‎2017-07-14 11:33 PM

Difference between interface based and zone based firewall?

like to know the difference between interface based and zone based firewall

0 Kudos
Reply
1 Reply
PhoneBoy
Admin
Admin
‎2017-07-15 08:54 AM

Re: Difference between interface based and zone based firewall?

It comes down to how the policy is defined.

In a zone-based firewall I can say "everything that comes from this interface should be treated this way" without worrying about the IP addresses at all.

You can achieve the same thing in an interface-based firewall, but you have to know (and define) every IP address reachable from that firewall.

Which, in complex environments with dynamic routing, can be a challenge.

Check Point did not support using zones in the firewall policy until R80.10 (except on SMB appliances, where this has been supported for a while). 

However, even in R80.10, interface Anti-spoofing and NAT rules still have to be defined in terms of IP addresses--something that should be addressed in future releases. 

Reply