Given that a lot of the functionality that layers provide won't actually be available until R80 Gateway is released, I'm trying to understand what benefits someone might achieve by using layered policies before R80 Gateway becomes available, if they even can.
I understand some of the R7x functionality today (e.g. IPS, Threat Prevention, App Control/URL Filtering) will map to fixed layers in the new policy-layers that can be changed once R80 gateway becomes available.
Can anyone explain to me at a high level how this works?
Please find the list of functionality that is given for Pre-R80 and R80.10 Gateways in the thread Layers in R80. There are new benefits for all Gateway versions with layers, such as permissions per layer, and sharing of the same layer across multiple policies. The linked topic also explains how layers work in both Access Control and Threat Prevention worlds.
That definitely helped.
Assuming all blades, can you explain what order the different layers are evaluated in?
For Access Control, Ordered layers are enforced this way: When the Gateway matches a rule in a layer, it starts to evaluate the rules in the next layer.
For Threat Prevention, the different layers are evaluated on top of each other: Threat Prevention completes IPS in the same scopes. If there are contradicting rules in the different layers (functionality available for R80.10 Gateways and above), earliest layers take precedence.
That doesn't answer my question.
I'm asking specifically about the individual layers (i.e. what do we call them) and the exact order they are evaluated in (assuming I match an "allow" in each one).
Suppose that we have the 3 ordered layers as configured in the images below.
If a user inside Network51 attempts to access the IIS_Host through a gambling site in HTTPS, this is what the Gateway will evaluate:
- first, it will evaluate the rules in layer 1 "Network" and find an accept match at rule 3.
- then, because this is an "accept" match, it will evaluate the rules in layer 2 "Applications". It will match at the drop rule 1. Because this is a "drop" rule, the next ordered layers will not be evaluated at all and the connection will be dropped.
Hope this helps
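The walk-through above as a small model of ordered-layer evaluation, added here as an example; it is not part of the original thread and not Check Point code. Only the layer names "Network" and "Applications", the accept at rule 3 and the drop at rule 1 come from the post; the rule contents, the third layer's name (`Layer3`) and the drop-on-no-match behaviour are assumptions, since the screenshots are not on the page.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass
class Rule:
    number: int
    match: Callable[[dict], bool]
    action: str  # "accept" or "drop"


def evaluate(layers, conn):
    """Return (verdict, trace); trace lists (layer, rule number, action)."""
    trace = []
    for name, rules in layers:
        # First matching rule in the layer decides that layer's outcome.
        hit = next((r for r in rules if r.match(conn)), None)
        if hit is None:
            # Assumption: a layer with no matching rule drops the connection.
            trace.append((name, None, "drop"))
            return "drop", trace
        trace.append((name, hit.number, hit.action))
        if hit.action == "drop":
            return "drop", trace  # later ordered layers are never evaluated
    return "accept", trace  # an accept was matched in every layer


# Constructed rule base standing in for the missing screenshots.
LAYERS = [
    ("Network", [
        Rule(1, lambda c: c["service"] == "ssh", "drop"),
        Rule(2, lambda c: c["src"] == "Guest", "drop"),
        Rule(3, lambda c: c["src"] == "Network51" and c["service"] == "https", "accept"),
    ]),
    ("Applications", [
        Rule(1, lambda c: c["category"] == "Gambling", "drop"),
        Rule(2, lambda c: True, "accept"),
    ]),
    ("Layer3", [Rule(1, lambda c: True, "accept")]),  # hypothetical third layer
]

# Constructed connections: same source and service, different site category.
GAMBLING = {"src": "Network51", "dst": "IIS_Host", "service": "https", "category": "Gambling"}
BUSINESS = dict(GAMBLING, category="Business")

if __name__ == "__main__":
    for conn in (GAMBLING, BUSINESS):
        print(evaluate(LAYERS, conn))
```

The trace makes the audit point visible: a connection accepted in "Network" still has to find an accept in every later layer, and the first drop ends evaluation.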