This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
_Val_
Admin
Admin
‎2019-05-14 06:16 AM

White Paper - Security Zones

Author

@Jesse_Ybarra 

Abstract:

As security technologies grow more complex the administrator has many tools at his or her disposal to regulate and enforce traffic in firewall devices. While security zones are not new tools, an individual may underutilise the objects in daily activities. This paper attempts to explain what a security zone function in a firewall and how it applies to modern security techniques. The key benefits to a security zone is tight control of traffic and routing functions while maintaining simplified control.

 

For the full list of White Papers, go here

Preview file
618 KB
7 Replies
Lei_Liu
Employee
Employee
‎2020-02-03 07:41 PM

Could you help me to confirm whether R77.20.87 version of SMB 1450 Appliances support Security Zones via Centralized Management of SMC ?
0 Kudos
Martin_Valenta
Advisor
‎2020-02-03 09:21 PM
In response to Lei_Liu

As long as you can define zone oninterface within Topology on gateway object, then most likely yes..
0 Kudos
G_W_Albrecht
Legend
Legend
‎2020-02-04 12:16 AM
In response to Lei_Liu

We find in the new features list of R80.10:

Security Zones: Group interfaces of gateways into Security Zones for new Source and Destination definitions.

The sk10538 Check Point R77.20.xx for 600 / 700 / 1100 / 1200R / 1400 / 910 Appliance Features and Known Limitations only mentions Security Zones 2 times:

SMB-5608 Policy installation fails on a centrally manged environment with more than 255 interfaces (in total) whose "security zone" is not set to "none" (ex: internal,external, etc.).
  • Workaround: If there are no policy rules that use these security zones, change their configuration to "none" (in the Gateway properties -> Topology tab). 
01132456 Assigning Security Zones to interfaces on a SmartProvisioning profile is not supported.

 

But in  sk159772 Check Point R80.20 for 1500 Appliances Features and Known Limitations we read:

Blade / Feature Locally
managed		 Centrally
managed		 Comments
Unified Access
Security Zones Yes Yes  
 

 

It still is not explicitly stated, but sk133252 Rules mismatch on appliance cluster when manually configured Security Zones object used tells us at least that Security Zones are supported with 1400, 1100, 1200R units.

But for which purpose are they supported ? I would suspect for topology definition to do address anti-spoofing. Centrally managed SMB units had their topology imported into Dashboard, where it could not be edited.

So i would assume that R80.10 Security Zones are fully supported by Check Point R80.20 for 1500 Appliances at least...

CCSE CCTE SMB Specialist
0 Kudos
MariuszT
Explorer
‎2020-06-25 04:48 AM

Hi,

Is there any limitation how many security zones can be created? I cannot find this information in guides and DS (R80.20 - R80.40)?

Thanks in advance,

MariuszT

0 Kudos
_Val_
Admin
Admin
‎2020-06-25 07:29 AM
In response to MariuszT

No limitations

0 Kudos
ducluongtrann
Explorer
‎2022-05-04 01:42 AM
In response to _Val_

Is there any document to prove that?

0 Kudos
_Val_
Admin
Admin
‎2022-05-04 05:08 AM
In response to ducluongtrann

It is really hard to prove a negative. You realise that, right? 🙂

No limitations, unless there is a document stating there is a limitation for amount of security zones. Yet, to the best of my knowledge, it does not exist. 

There are, however, other limitations, mentioned in sk128572. 

0 Kudos
Labels