This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Avigdor_Sharon
Contributor
‎2015-12-17 06:45 AM
Jump to solution

Limiting Admin Rights

Can I give a new admin limited rights to just one rule?

0 Kudos
1 Solution

Accepted Solutions
Yossi_Mansano
Employee Alumnus
Employee Alumnus
‎2015-12-22 08:34 AM
Jump to solution

No, the permission can be defined on an entire Layer and not on a single rule.

You can limit a new admin to edit just specific layers.

The feature is supported for both Inline Layer and Ordered Layer.

View solution in original post

0 Kudos
5 Replies
Jim_Oqvist
Employee
Employee
‎2015-12-18 11:58 PM
Jump to solution

You can provide an admin access rights to an inline layer in the policy, traffic needs to match the parent rule before reaching the inline layer. An inline layer can contain multiple rules but will only inspect the traffic that matched the parent rule.

0 Kudos
Yossi_Mansano
Employee Alumnus
Employee Alumnus
‎2015-12-22 08:34 AM
Jump to solution

No, the permission can be defined on an entire Layer and not on a single rule.

You can limit a new admin to edit just specific layers.

The feature is supported for both Inline Layer and Ordered Layer.

0 Kudos
J_Goh
Participant
‎2016-01-15 10:05 AM
In response to Yossi_Mansano
Jump to solution

I have heard of Inline layer.  What is Ordered Layer?  And can you explain the difference between the two?

0 Kudos
Jim_Oqvist
Employee
Employee
‎2016-01-16 04:16 AM
In response to J_Goh
Jump to solution

R80 introduces a new policy concept called Layers to efficiently work with the rule base.

For Access Control Policy Two types of layers for maximum flexibility exists, inline layer and ordered layer. Where layers allow separating the security policy into multiple components. In this way creating better security and manageability. Support concurrent-admin's and segregation of duties, allow organizations to reuse of layer either as inline or ordered in multiple policy's to be more efficient.

  • In Inline Layers only traffic matched/accepted on the parent rule will reach and be inspected by the inside layer rules.
  • In Ordered Layers when an accept rule from the first layer is matched, the gateway goes over the rules in the next layer

    • For backward compatibility with pre-R80 gateway you will use ordered layers to manage the Firewall rule base and Application control rule base, where first layer needs to be Firewall layer and second layer needs to be Application control and URL Filtering layer.

    • During an upgrade from pre-R80 to R80 with gateways using policy packages that are using Firewall and Application control policy's, the existing policy will be separated to ordered Layer with Network Layer – Firewall policy rules as the first layer and  Application Layer – Application control policy rules as the second layer.

Here is an example of traffic matching using

Policy with Inline Layers
Policy with Ordered LayersPolicy mixed with Ordered and Inline Layers
Tomer_Sole
Mentor
Mentor
‎2016-01-19 08:54 AM
In response to J_Goh
Jump to solution

Please refer to Layers in R80  for general questions about the types of layers in R80. I will copy Jim Oqvist​'s post from this thread to there just for the order of things and also because it's so nicely written.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events