Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hey all, we have a Smart-1 appliance/2 SG 6000 appliances clustered.
Our system has been updated at least twice from older hardware with existing rules.
Looking over a few rules, I'd like to clean our rules up to what is necessary to unify sec/app layer.
Are there any articles for what is needed to for the management and security gateways on R81.10?
For example, I'm looking at deleting a rule 2 for our SMS/SGs (Source) -> Internal DNS Servers (Destination) / udp&tcp 53 ->Accept.
Logs for that rule look like this. Rule 0 under a different layer is saying its Implied.
I've disabled Rule 2, but wondering now I'm wondering if I move to a unified layer and delete the Application layer will DNS stop working? If a log exists lists an rule 0 - Implied Rule, would that be safe to determine we do not need a rule (after verifying logs are not hitting any other rules of course).
Another log example. Would this be safe to determine to delete if it is implied? I'm not seeing a difference between my Security/App layer Implied Rules. (I'm not sure if they're the same or not?)
If you have any Policy cleanup tips that would be great too. I have rules that are too permissive that I'd like to clean up to have our network more secure.
Thanks!!
1 Solution
Accepted Solutions
All of the Implied Rules should be shown here.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
DNS has implied rules.
NTP is not covered under Implied Rules (at least the ones shown here).
However, if traffic were purely being accepted based on these implied rules, it would be accepted that way for both layers.
Which means...this "Implied Rule" is probably something different.
I'm assuming your Application layer only has App Control/URL Filtering active and not Firewall?
That might be the reason for the implied rule as DNS and NTP are handled in the Firewall, not App Control.
All of the Implied Rules should be shown here.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
DNS has implied rules.
NTP is not covered under Implied Rules (at least the ones shown here).
However, if traffic were purely being accepted based on these implied rules, it would be accepted that way for both layers.
Which means...this "Implied Rule" is probably something different.
I'm assuming your Application layer only has App Control/URL Filtering active and not Firewall?
That might be the reason for the implied rule as DNS and NTP are handled in the Firewall, not App Control.
Thanks PhoneBoy. I'll go over that article as well.
You are correct! That makes sense to me, I THINK.
--
I'm assuming it is required to have the Security layer enabled with Application & URL Filtering in order to achieve a unified policy?
