- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
I just need confirmation that global objects, eg. a network object, can be used in a local group.
Is that correct?
Yes, We can use global objects in local groups, only issue is if you want to export the policy package then you need to unassigned the global policy and it won't allow you to perform this until you will removed the global objects from local group or local rules.
It is not a good approach better to create local object and call under local group.
Thanks,
Manoj
Confirmed, this is correct. I just tested it within our Lab.
The full answer is, yes, you can you it. But you do not want to... Every time that global object is modified or deleted, all local groups using it should be updated. It is a manual process prone to human errors
Yes, We can use global objects in local groups, only issue is if you want to export the policy package then you need to unassigned the global policy and it won't allow you to perform this until you will removed the global objects from local group or local rules.
It is not a good approach better to create local object and call under local group.
Thanks,
Manoj
on the other hand, global group can have ONLY global objects in it.
But you can create a Dynamic global object that you can use in a global policy and you can create a Group in the domains, with the same name as that dynamic global object, which you can then fill with local domain objects.
Example would be to allow access to all gateways from your management system through global policy, you create a group called All_Gateways_global in the domains and a dynamic global object in the global policy. Just add the gateways in each domain to the group and the global policy will apply.
yes, Incase of dynamic object we need to specify the local object with same name form local domain.
Thanks,
Manoj
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY