Hey all, we have a Smart-1 appliance/2 SG 6000 appliances clustered.
Our system has been updated at least twice from older hardware with existing rules.
Looking over a few rules, I'd like to clean our rules up to what is necessary to unify sec/app layer.
Are there any articles for what is needed to for the management and security gateways on R81.10?
For example, I'm looking at deleting a rule 2 for our SMS/SGs (Source) -> Internal DNS Servers (Destination) / udp&tcp 53 ->Accept.
Logs for that rule look like this. Rule 0 under a different layer is saying its Implied.
I've disabled Rule 2, but wondering now I'm wondering if I move to a unified layer and delete the Application layer will DNS stop working? If a log exists lists an rule 0 - Implied Rule, would that be safe to determine we do not need a rule (after verifying logs are not hitting any other rules of course).
Another log example. Would this be safe to determine to delete if it is implied? I'm not seeing a difference between my Security/App layer Implied Rules. (I'm not sure if they're the same or not?)
If you have any Policy cleanup tips that would be great too. I have rules that are too permissive that I'd like to clean up to have our network more secure.
Thanks!!
All of the Implied Rules should be shown here.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
DNS has implied rules.
NTP is not covered under Implied Rules (at least the ones shown here).
However, if traffic were purely being accepted based on these implied rules, it would be accepted that way for both layers.
Which means...this "Implied Rule" is probably something different.
I'm assuming your Application layer only has App Control/URL Filtering active and not Firewall?
That might be the reason for the implied rule as DNS and NTP are handled in the Firewall, not App Control.
All of the Implied Rules should be shown here.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
DNS has implied rules.
NTP is not covered under Implied Rules (at least the ones shown here).
However, if traffic were purely being accepted based on these implied rules, it would be accepted that way for both layers.
Which means...this "Implied Rule" is probably something different.
I'm assuming your Application layer only has App Control/URL Filtering active and not Firewall?
That might be the reason for the implied rule as DNS and NTP are handled in the Firewall, not App Control.
Thanks PhoneBoy. I'll go over that article as well.
You are correct! That makes sense to me, I THINK.
--
I'm assuming it is required to have the Security layer enabled with Application & URL Filtering in order to achieve a unified policy?
| User | Count |
|---|---|
| 31 | |
| 14 | |
| 13 | |
| 10 | |
| 10 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 3 |
Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management WorkshopThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEATue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEAThu 05 Dec 2024 @ 03:00 PM (CET)
Mastering Regulatory Compliance in Banking and Finance (EMEA)Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
