CP_TME
Employee

Policy Insights: Your AI-Powered Firewall Assistant

🔍 Policy Insights: Your AI-Powered Guide to Smarter Security Policies 

Security administrators, meet your new policy assistant: Policy Insights.  

Planning your yearly firewall cleanup can be overwhelming—over time, rules accumulate, objects become outdated, and some policies turn overly permissive. Policy Insights, Check Point’s AI-driven feature, transforms this complex task into an intuitive, actionable process, providing clear recommendations to optimize, clean up, and strengthen your security policies. 

What is Policy Insights? 

Policy Insights is designed to give administrators visibility, clarity, and control over their security policies. Available from R82 and R81.20, it scans your Access Control rules, identifies conflicts, redundancies, and risky permissions, and provides actionable recommendations to optimize your rule base. By combining AI and identity awareness, Policy Insights ensures only authorized users can access critical resources, helping you maintain a secure and compliant environment. 

Think of it as your personal security advisor—it doesn’t just flag problems; it suggests exact steps to fix them, so you can make smarter decisions faster. 

Supported Objects and Environments 

Policy Insights supports a wide range of objects: 

  • Source & Destination: Hosts, Networks, Groups 
  • Services & Service Groups: ICMP, ICMP6, RPC, TCP, UDP, DCE-RPC 

Whether you’re working in SmartConsole or the Infinity Portal, Policy Insights delivers consistent insights across your environment, making it easy to manage policies no matter where you operate. 

How It Helps You 

With Policy Insights, you can: 

  • Enhance Security: Spot and fix weak or risky rules before they become threats. 
  • Optimize Performance: Reduce unnecessary rules, improving firewall efficiency and easing management overhead. 
  • Ensure Compliance: Keep your policies aligned with internal and external regulations. 

Each recommendation comes with a confidence rating: 

  • Recommended: High security impact and high confidence. 
  • No Icon: Security impact detected but insufficient data for full confidence. 
  • Low Confidence: Not enough logs or new/changed rules prevent a conclusive analysis. 

You can Apply, Decline, or Decide Later on each suggestion, then publish and install the policy to immediately implement changes. You can also export all insights to a CSV file—perfect for reporting, auditing, or sharing with your team. 

Step-by-Step Workflow 

  1. Open your Access Control policy in SmartConsole or Infinity Portal. 
  2. Click the Insights button above the rule base to open Policy Insights. 
  3. Review suggestions across categories: Remove unmatched objects, Replace existing objects, and rule-specific insights. 
  4. Choose your action for each recommendation: Apply, Decline, or Decide Later. 
  5. Publish and install your policy to apply changes. 

For rules you’re not ready to change, use the Decide Later section. Need to reconsider a previously declined suggestion? The Undo Decline button moves it back to the Suggestions section—flexibility designed for real-world workflows. 

Tips for Administrators 

  • Combine Policy Insights with AI Copilot to speed up yearly cleanups. 
  • Focus on high-confidence recommendations first—they have the greatest impact on security and efficiency. 
  • Regularly export CSV reports to track improvements and support compliance audits. 

Important Note

  • Always publish and install policies after applying recommendations to enforce changes. 

With Policy Insights, managing firewall rules is no longer a daunting, time-consuming task. It’s your AI-powered assistant, helping you maintain a secure, optimized, and compliant network with actionable guidance at your fingertips. 

 

Technical Marketing Engineering Team
6 Replies
the_rock
MVP Diamond

Great!

Best,
Andy
"Have a great day and if it's not, change it"
David_C1
Advisor

This looks like a very powerful tool...unfortunately, we will never use it as long as it requires uploading our policies, objects, and logs to the cloud. How about an on-prem option?

Dave

the_rock
MVP Diamond

Not sure that's available on prem as of yet, though.

Best,
Andy
"Have a great day and if it's not, change it"
0 Kudos
PhoneBoy
Admin

You might be able to build an entirely on-premise version of this using MCP Servers and a local instance of your favorite AI engine.

0 Kudos
Tomer_Noy
MVP Gold CHKP

We don't offer this capability on-prem, since it relies on a lot of compute running in the cloud. It lets us leverage technologies we don't have on-prem and minimizes performance impact on the Management server. It also allows us to add more features and capabilities without having to upgrade the Management.

It's important to note that indeed in the background, the feature will upload data about your policies and objects, but we don't upload all your logs to the cloud. For performance, cost and privacy reasons we only upload something we call "hitcount telemetry" which is condensed data about the various network flows going through the gateway, without including many of the more sensitive log fields.

0 Kudos
David_C1
Advisor

I appreciate the responses and suggestions. When we spoke to our SE about this, he said the same thing - it's handled in the cloud due to the compute resources required. While I appreciate the fact that it doesn't require all log data, it does require our policies to be uploaded to the cloud (yes?). This is basically a map of our internal networks and security controls. Setting aside any compliance requirements that would likely prohibit us from sending this information elsewhere (i.e. someone else's cloud) it is a risky security practice. We'd be more than willing to purchase another on-prem appliance that could be dedicated to Policy Insights if that were available - in fact, when we end up purchasing a competitor's product (that offers an on-prem version of this functionality) we will need to purchase additional hardware.

David

0 Kudos
