This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ole_Jakobsen
Contributor
‎2018-12-19 02:39 AM
Jump to solution

Global object in local group?

I just need confirmation that global objects, eg. a network object, can be used in a local group.

Is that correct?

0 Kudos
1 Solution

Accepted Solutions
Manoj_Kumar2
Contributor
‎2018-12-19 04:21 AM
Jump to solution

Yes, We can use global objects in local groups, only issue is if you want to export the policy package then you need to unassigned the global policy and it won't allow you to perform this until you will removed the global objects from local group or local rules.

It is not a good approach better to create local object and call under local group.

Thanks,

Manoj

View solution in original post

0 Kudos
6 Replies
Danny
Champion
Champion
‎2018-12-19 03:17 AM
Jump to solution

Confirmed, this is correct. I just tested it within our Lab.

0 Kudos
_Val_
Admin
Admin
‎2018-12-19 03:23 AM
Jump to solution

The full answer is, yes, you can you it. But you do not want to... Every time that global object is modified or deleted, all local groups using it should be updated. It is a manual process prone to human errors

Manoj_Kumar2
Contributor
‎2018-12-19 04:21 AM
Jump to solution

Yes, We can use global objects in local groups, only issue is if you want to export the policy package then you need to unassigned the global policy and it won't allow you to perform this until you will removed the global objects from local group or local rules.

It is not a good approach better to create local object and call under local group.

Thanks,

Manoj

0 Kudos
JozkoMrkvicka
Mentor
Mentor
‎2018-12-19 05:43 AM
Jump to solution

on the other hand, global group can have ONLY global objects in it.

Kind regards,
Jozko Mrkvicka
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-12-21 01:15 AM
In response to JozkoMrkvicka
Jump to solution

But you can create a Dynamic global object that you can use in a global policy and you can create a Group in the domains, with the same name as that dynamic global object, which you can then fill with local domain objects.

Example would be to allow access to all gateways from your management system through global policy, you create a group called All_Gateways_global in the domains and a dynamic global object in the global policy. Just add the gateways in each domain to the group and the global policy will apply.

Regards, Maarten
Manoj_Kumar2
Contributor
‎2018-12-21 01:31 AM
In response to Maarten_Sjouw
Jump to solution

yes, Incase of dynamic object we need to specify the local object with same name form local domain.

Thanks,

Manoj