Hi, I'm not sure I 100% understand what I actually want, but I used to work with Fortigate all the time and I'm missing that feature in Checkpoint, or I just don't understand how to accomplish it.
In Fortigate, I can configure the incoming interface and outgoing interface for a specific policy.
So whenever I configure a new interface, I have to add a specific policy for it to have network access to the other interfaces.
Now, on my Checkpoint firewall (x2 5100 ClusterXL) I have 5 interfaces:
1. Mgmt - Management Interface - 192.168.1.0/24
2. eth1 - External Interface
3. eth2 - DMZ Interface - 192.168.2.0/24
4. eth3 - LAN Interface - 192.168.3.0/24
5. eth5 - Sync Interface - 192.168.4.0/24
For example, let's take the DMZ interface:
I would like to allow all outbound traffic from DMZ to WAN, but if I configure:
Source: DMZ (network address pool)
Destination: All_Internet
Action: Accept
It will work, but it will also have network access to the other interfaces.
When I check the logs, I can see it's communicating with the other interfaces through the "All_Internet" policy, even though I want it to allow only WAN traffic.
Sorry for the lack of knowledge.
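Added example, not part of the post above and not Check Point's own code: a small first-match rule-base simulator that reproduces what the logs show. It assumes the All_Internet object behaves like the whole IPv4 space (so it also contains the 192.168.x.0/24 networks on the other interfaces), uses the poster's network layout, and contrasts the original rule with two defensive fixes: an explicit drop for DMZ-to-internal traffic placed above the permissive rule, and the same permissive rule with its destination negated ("not the internal networks"). The flows and the 203.0.113.5 WAN address are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed from the question: the four internal networks behind the cluster.
MGMT = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
LAN = ipaddress.ip_network("192.168.3.0/24")
SYNC = ipaddress.ip_network("192.168.4.0/24")
INTERNAL = [MGMT, DMZ, LAN, SYNC]

# Assumption: All_Internet is modelled as the whole IPv4 space, which is why
# a rule to it also covers the RFC 1918 networks on the other interfaces.
ALL_INTERNET = [ipaddress.ip_network("0.0.0.0/0")]


@dataclass
class Rule:
    name: str
    src: list               # list of ip_network objects
    dst: list               # list of ip_network objects
    action: str             # "accept" or "drop"
    dst_negate: bool = False  # match when the destination is NOT in dst


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def rule_matches(rule, src_ip, dst_ip):
    src_ok = _in_any(src_ip, rule.src)
    dst_ok = _in_any(dst_ip, rule.dst)
    if rule.dst_negate:
        dst_ok = not dst_ok
    return src_ok and dst_ok


def evaluate(rulebase, src, dst):
    """First-match, top-down evaluation; unmatched traffic hits an implicit cleanup drop."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rulebase:
        if rule_matches(rule, src_ip, dst_ip):
            return rule.action, rule.name
    return "drop", "implicit cleanup"


# 1. The rule base from the question: DMZ -> LAN is accepted because LAN is inside All_Internet.
NAIVE = [
    Rule("DMZ to Internet", [DMZ], ALL_INTERNET, "accept"),
]

# 2. An explicit drop for DMZ -> internal networks placed ABOVE the permissive rule.
WITH_DROP = [
    Rule("DMZ to internal - drop", [DMZ], INTERNAL, "drop"),
    Rule("DMZ to Internet", [DMZ], ALL_INTERNET, "accept"),
]

# 3. The permissive rule with its destination negated: "anything except the internal networks".
WITH_NEGATE = [
    Rule("DMZ to Internet (not internal)", [DMZ], INTERNAL, "accept", dst_negate=True),
]

# Constructed flows from a DMZ host; 203.0.113.5 is a documentation-range stand-in for a WAN host.
FLOWS = {
    "dmz_to_lan": ("192.168.2.10", "192.168.3.10"),
    "dmz_to_mgmt": ("192.168.2.10", "192.168.1.5"),
    "dmz_to_wan": ("192.168.2.10", "203.0.113.5"),
}


def run(rulebase):
    """Return {flow_name: (action, matched_rule_name)} for every constructed flow."""
    return {name: evaluate(rulebase, s, d) for name, (s, d) in FLOWS.items()}


if __name__ == "__main__":
    for label, rb in (("naive", NAIVE), ("explicit drop", WITH_DROP), ("negated dst", WITH_NEGATE)):
        print(label)
        for flow, (action, rule) in run(rb).items():
            print(f"  {flow:12s} -> {action:6s} ({rule})")
```

Running it shows the naive rule base accepting dmz_to_lan and dmz_to_mgmt under the "DMZ to Internet" rule, which is exactly the log entry described in the post; both fixes drop those flows while still accepting dmz_to_wan. The explicit-drop variant has the advantage of producing its own named log line, so lateral attempts from the DMZ are visible rather than silently falling to the cleanup rule.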