- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
As security technologies grow more complex the administrator has many tools at his or her disposal to regulate and enforce traffic in firewall devices. While security zones are not new tools, an individual may underutilise the objects in daily activities. This paper attempts to explain what a security zone function in a firewall and how it applies to modern security techniques. The key benefits to a security zone is tight control of traffic and routing functions while maintaining simplified control.
For the full list of White Papers, go here.
We find in the new features list of R80.10:
Security Zones: Group interfaces of gateways into Security Zones for new Source and Destination definitions.
The sk10538 Check Point R77.20.xx for 600 / 700 / 1100 / 1200R / 1400 / 910 Appliance Features and Known Limitations only mentions Security Zones 2 times:
SMB-5608 | Policy installation fails on a centrally manged environment with more than 255 interfaces (in total) whose "security zone" is not set to "none" (ex: internal,external, etc.).
|
01132456 | Assigning Security Zones to interfaces on a SmartProvisioning profile is not supported. |
But in sk159772 Check Point R80.20 for 1500 Appliances Features and Known Limitations we read:
Blade / Feature | Locally managed |
Centrally managed |
Comments |
Unified Access |
Security Zones | Yes | Yes | |
It still is not explicitly stated, but sk133252 Rules mismatch on appliance cluster when manually configured Security Zones object used tells us at least that Security Zones are supported with 1400, 1100, 1200R units.
But for which purpose are they supported ? I would suspect for topology definition to do address anti-spoofing. Centrally managed SMB units had their topology imported into Dashboard, where it could not be edited.
So i would assume that R80.10 Security Zones are fully supported by Check Point R80.20 for 1500 Appliances at least...
Hi,
Is there any limitation how many security zones can be created? I cannot find this information in guides and DS (R80.20 - R80.40)?
Thanks in advance,
MariuszT
No limitations
Is there any document to prove that?
It is really hard to prove a negative. You realise that, right? 🙂
No limitations, unless there is a document stating there is a limitation for amount of security zones. Yet, to the best of my knowledge, it does not exist.
There are, however, other limitations, mentioned in sk128572.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY