This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RAJMOHAN
Explorer
‎2021-03-03 09:10 PM
Jump to solution

MDS Global Rule

Hi All,

Good morning !! We are currently using MDS with multiple CMAs running on R80.40. Currently, the plan is to create Global Rule (push to all domain/CMA) along with we plan to create another global Rule named as DC and push only to 3 primary DC GW's. Could someone please confirm if this is viable option to have kind of two global Rules one push to all GW whereas the other one mainly for DC (3 GW) part  ?

0 Kudos
1 Solution

Accepted Solutions
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2021-03-04 12:51 AM
In response to Vincent_Bacher
Jump to solution

@Vincent_Bacher has the best answer 🙂

Else you can always create different global policies per domain if it helps and your GWs are separated that way:

image.png

 

View solution in original post

0 Kudos
5 Replies
Vincent_Bacher
Leader Leader
Leader
‎2021-03-03 10:25 PM
Jump to solution

I think this is described in MDM admin guide in section "Applying Global Rules to Security Gateways by Function".

We don't use that but from my perspective that should be viable. 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2021-03-04 12:51 AM
In response to Vincent_Bacher
Jump to solution

@Vincent_Bacher has the best answer 🙂

Else you can always create different global policies per domain if it helps and your GWs are separated that way:

image.png

 

0 Kudos
George_Ellis
Advisor
‎2021-03-04 04:27 AM
In response to Kaspars_Zibarts
Jump to solution

As Kaspars example points out, as I think I understand what you are asking, one policy per domain.  So I was thinking you were asking if you could do a cumulative push of A + B?  I have not seen that that will work.  But since you are in the same domain (Global), copy-paste works and add part b's specific rules.
But I may not have followed what you mean.

0 Kudos
RAJMOHAN
Explorer
‎2021-03-19 08:36 AM
In response to Kaspars_Zibarts
Jump to solution

Hi ,

Thanks all for your response.. I  strongly feel the  way Kaspars suggested would work and easy method though. Will test it out in couple of weeks.

 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2021-03-19 03:03 PM
In response to RAJMOHAN
Jump to solution

Another option is to use Global dynamic objects, this makes a policy very much more dynamic. You create the object in the global policy and name it GBL-name_global, the '_global' part is mandatory. Now in the global rulebase you could use a global dynamic named GBL-DC-GWs_global in an install on column. 
In the normal rulebase you create a Simple Network Group with the exact same name GBL-DC-GWs_global and add the 3 DC GWs to it. Now assign the new global policy to the domain and you will see the group will show on that one global rule you added it to and the simple network group will be linked to the Dynamic global object.

Hop I explained it clear enough, if not I can always try to do better.

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events