Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Avigdor_Sharon
Contributor
Jump to solution

Limiting Admin Rights

Can I give a new admin limited rights to just one rule?

0 Kudos
1 Solution

Accepted Solutions
Yossi_Mansano
Employee Alumnus
Employee Alumnus

No, the permission can be defined on an entire Layer and not on a single rule.

You can limit a new admin to edit just specific layers.

The feature is supported for both Inline Layer and Ordered Layer.

View solution in original post

0 Kudos
5 Replies
Jim_Oqvist
Employee
Employee

You can provide an admin access rights to an inline layer in the policy, traffic needs to match the parent rule before reaching the inline layer. An inline layer can contain multiple rules but will only inspect the traffic that matched the parent rule.

0 Kudos
Yossi_Mansano
Employee Alumnus
Employee Alumnus

No, the permission can be defined on an entire Layer and not on a single rule.

You can limit a new admin to edit just specific layers.

The feature is supported for both Inline Layer and Ordered Layer.

0 Kudos
J_Goh
Participant

I have heard of Inline layer.  What is Ordered Layer?  And can you explain the difference between the two?

0 Kudos
Jim_Oqvist
Employee
Employee

R80 introduces a new policy concept called Layers to efficiently work with the rule base.

For Access Control Policy Two types of layers for maximum flexibility exists, inline layer and ordered layer. Where layers allow separating the security policy into multiple components. In this way creating better security and manageability. Support concurrent-admin's and segregation of duties, allow organizations to reuse of layer either as inline or ordered in multiple policy's to be more efficient.

  • In Inline Layers only traffic matched/accepted on the parent rule will reach and be inspected by the inside layer rules.
  • In Ordered Layers when an accept rule from the first layer is matched, the gateway goes over the rules in the next layer
    • For backward compatibility with pre-R80 gateway you will use ordered layers to manage the Firewall rule base and Application control rule base, where first layer needs to be Firewall layer and second layer needs to be Application control and URL Filtering layer.

    • During an upgrade from pre-R80 to R80 with gateways using policy packages that are using Firewall and Application control policy's, the existing policy will be separated to ordered Layer with Network Layer – Firewall policy rules as the first layer and  Application Layer – Application control policy rules as the second layer.

Here is an example of traffic matching using

Policy with Inline Layers
Policy with Ordered LayersPolicy mixed with Ordered and Inline Layers
Tomer_Sole
Mentor
Mentor

Please refer to Layers in R80  for general questions about the types of layers in R80. I will copy Jim Oqvist​'s post from this thread to there just for the order of things and also because it's so nicely written.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events