Tomer,
Can you expand on the use of Threat Prevention layers?
I am having difficulty envisioning how those relate to the overall policy and its layers.
I.e. Adding layer to Threat Prevention seem to create additional policy:
That is not tied to the layers in the main policy.
Would those TP policies be then processed sequentially?
What is the point of those layers if the only differentiation in each is the Scope and Profile?
How is the TP layers differ from multiple rules in the same TP policy?
Thank you,
Vladimir
Tomer,
I'm still a bit baffled by it, should you have an opportunity to showcase few sample policies with layers, it will go a long way clarifying the issue.
As far as I can tell, there is no ability to limit individual admin's rights over single or select Threat Prevention layers:
Further more, when multiple Threat Prevention layers are used, I am seeing a warning about possible conflict in IPS:
I'll read the SK later to see what is it all about.
As to the sequential processing with segregated controls, multiple rules in the same policy seem to be able to address it:
But I really do not see much merit in separating blades in rules if they cover same scope, as shown in rules 2 and 3.
Hi,
As far as I can tell, there is no ability to limit individual admin's rights over single or select Threat Prevention layers:
This is actually coming in the next release of Security Management Server, not this one.
Further more, when multiple Threat Prevention layers are used, I am seeing a warning about possible conflict in IPS:
I'll read the SK later to see what is it all about.
Personally I think we may have used the wrong UI indication to tell our users that the policy works as they designed it. It means that the stricter option matters. It's not really a warning, it's more like a reminder of how the policy will behave.
So we can talk about 2 examples:
1. Each layer controls a software blade. This pattern already happens for users who upgraded their Management but not their gateways - the IPS Shared Layer is separated from the rest of the Threat Prevention products, which are in a second layer. So the upgraded policy scenario is a private case of this pattern. Users can go further and separate the signature-based decisions and profiles with the dynamic-based decisions and profiles by placing them in multiple layers.
2. Each layer controls a different network, and has multiple profiles for different portions of a network (so multiple rules per layer).
Why split to layers and not just have one big rule-base? It's up to each administrator to decide, generally:
1. Smaller building blocks help understand the policy better
2. Features that are coming in the next release: Sharing the same layer across multiple policies, and assigning different permission profiles to edit different layers - similar to the way Access Control layers are defined.
| User | Count |
|---|---|
| 13 | |
| 5 | |
| 5 | |
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management WorkshopThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEATue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEAThu 05 Dec 2024 @ 05:00 PM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - AMERTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
