This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamilazat
Collaborator
2 hours ago

Best practices for allowing overlapping ports/protocols on different rules

Hi,

I've read that it's not best practice to have multiple service objects defined for the same port/protocol here. And it got me thinking.

What is the best practice in case we need to create rules with overlapping port ranges with the same protocol?

For example, let's assume that

  •     I need to allow access between Network A - Network B on ports 10000 - 20000 on protocol X.
  •     But at the same time, I need to block traffic between Network C - Network D on ports 15000 - 25000 on protocol X.
  •     Additionally, a new requirement comes and I need to create a new rule that allows access between Network E - Network F on ports 12000 - 27000, again on protocol X.

The first thing that comes to my mind is to create different service objects for these different ranges and use them where needed. But if I understand it correctly, it's not the best practice and probably will give me "Services port conflict" warning when installing the policy.

How do we do this in this kinds of situations?

Cheers!

0 Kudos
1 Reply
emmap
Employee
Employee
48m ago

Create the service ranges as required for your rules, but under the Advanced options for those objects, make sure 'Match for Any' is not selected. That way you'll have no warnings on policy install.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events