like to know the difference between interface-based and zone-based firewall
It comes down to how the policy is defined.
In a zone-based firewall I can say "everything that comes from this interface should be treated this way" without worrying about the IP addresses at all.
You can achieve the same thing in an interface-based firewall, but you have to know (and define) every IP address reachable from that firewall.
Which, in complex environments with dynamic routing, can be a challenge.
Check Point did not support using zones in the firewall policy until R80.10 (except on SMB appliances, where this has been supported for a while).
However, even in R80.10, interface Anti-spoofing and NAT rules still have to be defined in terms of IP addresses--something that should be addressed in future releases.
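
A simplified model of the distinction described in the answer above, as an added example that is not part of the original thread and is not Check Point's implementation. The interface names, address ranges and function names are constructed for illustration; it also models the point that anti-spoofing defined by address still depends on the address list being complete.

```python
from ipaddress import ip_address, ip_network

# Constructed topology (hypothetical interface names and address ranges).
ZONE_OF = {"eth0": "External", "eth1": "Internal"}
# Networks the administrator has defined as living behind each interface.
# Address-based rules and anti-spoofing both depend on this being complete.
NETS_BEHIND = {"eth1": [ip_network("10.1.0.0/16")]}


def zone_rule_matches(in_iface, src_ip):
    """Rule 'source zone = Internal': decided by the ingress interface
    alone; the source address is never consulted."""
    return ZONE_OF.get(in_iface) == "Internal"


def address_rule_matches(in_iface, src_ip, nets=NETS_BEHIND):
    """Rule 'source = internal networks': decided by the source address
    alone, whatever interface the packet arrived on."""
    addr = ip_address(src_ip)
    return any(addr in n for group in nets.values() for n in group)


def antispoof_ok(in_iface, src_ip, nets=NETS_BEHIND):
    """Address-defined anti-spoofing: a source must arrive on the interface
    whose network list contains it; an interface with no list (eth0 here)
    accepts only sources that no other interface claims."""
    addr = ip_address(src_ip)
    owners = [i for i, group in nets.items() if any(addr in n for n in group)]
    return in_iface in owners if in_iface in nets else not owners


def evaluate(in_iface, src_ip, nets=NETS_BEHIND):
    return {
        "zone_rule": zone_rule_matches(in_iface, src_ip),
        "address_rule": address_rule_matches(in_iface, src_ip, nets),
        "antispoof_ok": antispoof_ok(in_iface, src_ip, nets),
    }


if __name__ == "__main__":
    # Constructed packets: a known host, a subnet newly learned through
    # dynamic routing behind eth1, and an internal source seen on eth0.
    for pkt in [("eth1", "10.1.5.20"), ("eth1", "172.16.9.4"), ("eth0", "10.1.5.20")]:
        print(pkt, evaluate(*pkt))
```

The second packet is the case the answer calls a challenge: the zone rule matches without any change, while the address-based rule and the anti-spoofing check both reject it until `172.16.0.0/12` is added to the list for `eth1`.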