This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Annie-CCSA
Participant
‎2020-11-02 11:28 AM

InternalNet vs InternalZone

Hi Guys, 

Is there any difference between the "InternalNet" or "InternalZone" objects we can select in a security policy ? ( when to use what ? )

Based on what I read in the CCSA course, I assume InternalZone could be the group of internal interfaces. InternalNet could be the group of RFC1918 addresses for ipv4...

Or is this all the same ?

I'm sorry if this is a stupid question, but I can't find the answer here in Checkmates nor the training courses. Thx.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-11-02 09:08 PM

They are different kinds of objects (Zone versus group) so they could overlap but are not exactly the same.

0 Kudos
Annie-CCSA
Participant
‎2020-11-05 12:25 AM
In response to PhoneBoy

So InternalZone is a zone, and InternalNet is a group of ... ( interfaces, RFC1918, ... ? )

Thx.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-11-08 08:32 PM
In response to Annie-CCSA

Generally, InternalNet is whatever you've defined it to be.
I believe it is used in the CCSA Courseware as a placeholder for "internal network."

To complicate matters, it turns out there is a Dynamic Object called InternalNet, used primarily with SmartLSM.
Dynamic Objects are generally placeholder objects where you set the actual definition on the relevant gateway via the dynamic_objects CLI command.
Some Dynamic Objects (e.g. LocalGateway) are managed automatically.
I don't believe InternalNet is, unless you're using SmartLSM.

This is in comparison to InternalZone, which is defined based on the topology setting for your gateways and includes all the networks behind the relevant interfaces. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top