Firewall_Head
Explorer

How layered policies are matched | FW, APP, URL

Hi Mates,

I was testing the layered policy approach and got confused a bit. I have created separate layers for FW and APP blade. In my admin access I have allowed SSH access to the FW but I was unable to do so.

When I checked, it was hitting the cleanup in the APP layer policy. Can somebody help me out with this?

1> How are the policies matched?

2> If the FW layer rule 1 allows the access, then why is it coming to the APP layer?

Please help me on this!!!

====

WR,

FH

0 Kudos
4 Replies
the_rock
Legend

Hey brother,

Remember what I said on the remote session about this? Traffic HAS TO match on ALL ordered layers. So say you have 2 layers and it's accepted on the first layer, but dropped on the 2nd layer, it will not work. If you need more help, we can do another remote as well. In your case, if it is indeed 2 layers, I would do any any allow at the bottom of the 2nd layer and then block whatever is needed above.

1) They are matched top to bottom, left to right

2) That's how it works for layered rules, traffic has to traverse all layered rules to be accepted

https://community.checkpoint.com/t5/Partner-Community/Layered-rules-approach/m-p/242051

Andy

 

 

0 Kudos
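Added example, not part of the thread and not Check Point code: a simplified Python model of the matching described in the reply above, showing why SSH accepted in the FW layer still ends at the APP layer cleanup, and how an any-any accept at the bottom of the second layer changes the verdict. Rule names, hosts and services are constructed sample values, and treating "no rule matched" as a drop is an assumption of this model.

```python
# Simplified model of ordered policy layers (an illustration, not Check Point code).
# Rule names, hosts and services below are constructed sample values.
from dataclasses import dataclass

ANY = "any"

@dataclass
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str  # "accept" or "drop"

    def matches(self, conn):
        return all(want in (ANY, got) for want, got in
                   zip((self.src, self.dst, self.service), conn))

def evaluate(layers, conn):
    """Return (verdict, trace) for conn = (src, dst, service).

    Each ordered layer is searched top to bottom and the first matching rule
    decides that layer. An accept hands the connection to the next layer;
    a drop in any layer is final.
    """
    trace = []
    for layer_name, rules in layers:
        hit = next((r for r in rules if r.matches(conn)), None)
        if hit is None:  # assumption of this model: no match means drop
            trace.append((layer_name, "implicit drop"))
            return "drop", trace
        trace.append((layer_name, hit.name))
        if hit.action == "drop":
            return "drop", trace
    return "accept", trace

FW_LAYER = ("FW", [Rule("Admin SSH", "admin-pc", "gateway", "ssh", "accept"),
                   Rule("Cleanup", ANY, ANY, ANY, "drop")])
# APP layer as in the question: nothing above the drop cleanup matches SSH.
APP_DROP_CLEANUP = ("APP", [Rule("Web browsing", ANY, "internet", "http", "accept"),
                            Rule("Cleanup", ANY, ANY, ANY, "drop")])
# APP layer as suggested in the reply: specific blocks above, any-any accept last.
APP_ACCEPT_CLEANUP = ("APP", [Rule("Block app", ANY, "internet", "p2p", "drop"),
                              Rule("Cleanup", ANY, ANY, ANY, "accept")])
SSH = ("admin-pc", "gateway", "ssh")

if __name__ == "__main__":
    for app_layer in (APP_DROP_CLEANUP, APP_ACCEPT_CLEANUP):
        print(evaluate([FW_LAYER, app_layer], SSH))
```

The trace lists the rule that decided each layer, which mirrors what the logs showed in the question: the FW layer accepts on the admin rule, and the final verdict comes from the APP layer cleanup.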
the_rock
Legend

If you wish to do another quick zoom remote, I'm good till 7.30 pm your time, or between 10.30-11.30

Andy

0 Kudos
Firewall_Head
Explorer

Hi @the_rock ,

Thank you sm for the reply, let's do a remote at 10.40 PM IST.

====

WR,

FH

0 Kudos
the_rock
Legend

Sounds good, will send you zoom for that time 10 mins before.

Andy
