Negate Cell ACL
Hello All,
I'm reviewing the current configuration in a Check Point firewall and I see some negate cells in the ACLs.
Can somebody explain to me what it means?
My understanding is that it allows everything other than the negate cell, for instance:
src dst Action
10.10.0.1 172.16.2.71 (Negate cell) Allow
Is there a way to query the config to see all the negate rules?
Regards,
Reinaldo
- Tags:
- access rules
Negate cells are very useful: they mean anything but the cell's content is allowed/denied (depending on the action).
We use this a lot for inbound access from the internet and outbound to the internet. Just put RFC1918 in the source for inbound traffic and negate the RFC1918 cell, allowing inbound only from anything but the internal RFC1918 ranges. Same for outbound: just put RFC1918 in the destination and negate the cell. That way you prevent any traffic to other RFC1918 ranges connected to the FW as DMZs.
Hi Reinaldo,
Negate cells are very important in situations where you want to allow/deny anything but one particular group.
As said earlier, you can negate RFC1918 (the private IP address range) for inbound/outbound connections. But when you add RFC1918 and you add any other group, that will be negated automatically, as the actions are cell specific, so they apply to the entire cell. And the group that you negate will get negated only in that rule; if it is used in any other rule, it will remain a normal object.
As far as I know, there is no way to query the rulebase to see where a negate cell is used, which could actually be in any one of Source, Destination, or Services / Applications.
As others have stated, it is used to mean "everything except what is listed in that cell."
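As an added worked example (not from any post in this thread and not Check Point code), the following Python model shows the "everything except what is listed in the cell" semantics from the replies above, including the inbound/outbound RFC1918 pattern, and a scan over an exported rulebase for rules that use a negate cell. The export layout is a constructed sample: it assumes each rule is a dictionary carrying boolean `source-negate` and `destination-negate` keys next to its object lists, and the IP addresses used are documentation/test ranges chosen for the example.

```python
"""Model of Check Point "negate cell" matching plus a scan for rules that use it.

Added illustration only. The rulebase export below is a constructed sample:
it assumes each rule carries boolean "source-negate" / "destination-negate"
keys alongside the cell's object list (an empty list means "Any").
"""
import ipaddress
from dataclasses import dataclass

# The three RFC1918 private ranges, used as a single group object in the sample.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


@dataclass
class Cell:
    networks: tuple          # empty tuple means "Any"
    negate: bool = False

    def matches(self, addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        nets = [ipaddress.ip_network(n) for n in self.networks]
        hit = True if not nets else any(ip in n for n in nets)
        # A negated cell matches everything EXCEPT the objects listed in it.
        return (not hit) if self.negate else hit


@dataclass
class Rule:
    name: str
    src: Cell
    dst: Cell
    action: str


# Constructed sample export: the inbound/outbound pattern from the thread plus a cleanup rule.
SAMPLE_EXPORT = [
    {"name": "inbound-from-internet", "source": RFC1918, "source-negate": True,
     "destination": ("10.20.0.10/32",), "destination-negate": False, "action": "Accept"},
    {"name": "outbound-to-internet", "source": ("10.0.0.0/8",), "source-negate": False,
     "destination": RFC1918, "destination-negate": True, "action": "Accept"},
    {"name": "cleanup", "source": (), "source-negate": False,
     "destination": (), "destination-negate": False, "action": "Drop"},
]


def load_rules(export):
    """Turn the (assumed) export dictionaries into Rule objects."""
    return [Rule(r["name"],
                 Cell(tuple(r["source"]), r["source-negate"]),
                 Cell(tuple(r["destination"]), r["destination-negate"]),
                 r["action"]) for r in export]


def first_match(rules, src: str, dst: str):
    """Top-down first match, the way the firewall walks the rulebase."""
    for r in rules:
        if r.src.matches(src) and r.dst.matches(dst):
            return r
    return None


def negated_rules(export):
    """List (rule name, negated columns) for every rule that uses a negate cell."""
    out = []
    for r in export:
        cols = [c for c in ("source", "destination") if r.get(f"{c}-negate")]
        if cols:
            out.append((r["name"], cols))
    return out


if __name__ == "__main__":
    rules = load_rules(SAMPLE_EXPORT)
    for s, d in (("203.0.113.5", "10.20.0.10"), ("192.168.1.7", "10.20.0.10"),
                 ("10.1.1.5", "8.8.8.8"), ("10.1.1.5", "172.16.2.71")):
        m = first_match(rules, s, d)
        print(f"{s} -> {d}: {m.name} ({m.action})")
    print("rules with negate cells:", negated_rules(SAMPLE_EXPORT))
```

The second lookup is the point of the pattern: a packet arriving from the internet with a spoofed private source does not match the negated RFC1918 source cell, so it falls through to the cleanup rule instead of being accepted. The `negated_rules` scan is the kind of check the original question asked for, run over whatever rule export you have rather than over the live policy.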
