This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
George_Ellis
Contributor
‎2019-07-19 06:51 AM

Global Objects load into gateway memory?

This appears to be confusion among some folks.  In the MDM environment, while using global objects, some folks think that the global objects (all of them) load into memory on the gateway with the policy.  I have asked before and the answer I got was that objects are conveyed to the endpoint, but are not in the compiled policy unless they are used in the policy.

Someone is thinking that we should abandon global objects to save memory in some of the domain firewall policies that load into the gateway policy in memory.  That does not make much sense.  Anyone know differently?

5 Replies
Richard_Quick
Contributor
‎2019-07-19 10:56 AM

Never really thought about it but i can't see where the savings would be that great even if it was in memory.  If the device is really teetering that close then it's time for new hardware. 🙂

0 Kudos
George_Ellis
Contributor
‎2019-07-19 11:05 AM
In response to Richard_Quick

It's not like we are running Crossbeams 😉

0 Kudos
PhoneBoy
Admin
Admin
‎2019-07-19 11:14 AM

The gateways work with a compiled policy.
Whether the objects are global or.local shouldn't change that.
0 Kudos
George_Ellis
Contributor
‎2019-07-19 11:19 AM
In response to PhoneBoy

Exactly. Compiled with the objects that are in the policy. There are folks out there that are confused that if you use global objects in the MDM, they are all in the running policy. The only gotcha I know of with globals is using global ports. Tested in 80.10, the compiler was not seeing shadowing when using local and global port definitions.

When you have 12 domains, and 4 are data centers for HA, using globals allows create once, use everywhere.
0 Kudos
PhoneBoy
Admin
Admin
‎2019-07-19 01:00 PM
In response to George_Ellis

While there may be no issues with this on the gateway side, I can see how there might be issues on the management side of things with the policy verification and compilation if there's a large number of global objects in a large enterprise policy.
0 Kudos