Create a Post
Showing results for 
Search instead for 
Did you mean: 

Policies per Incoming & Outgoing interface?

Jump to solution

Hi, I'm not sure I'm 100% understanding what I actually want, But I used to work with Fortigate all the time and I'm missing that feature in Checkpoint or I just don't understand how to accomplish that.

In fortigate, I can configure the Incoming interface and Outgoing interface for a specific policy.

So when ever I configure a new interface, I have to add a specific policy for it to have network between other interfaces.

Now, on my checkpoint firewall ( x2 5100 ClusterXL ) I have 5 interfaces:

1. Mgmt - Management Interface -

2. eth1 - External Interface

3. eth2 - DMZ Interface -

4. eth3 - LAN Interface -

5. eth5 - Sync Interface -

For example, Let's take DMZ Interface:

I would like to allow all outbound traffic from DMZ to WAN but if I configure:

Source: DMZ ( network address pool )

Destination: All_Internet

Action: Accept

It will work but he will also have network to the other interfaces.

When I check the logs, I can see it's communicating the other interfaces through the "All_Internet" policy even though I want it to allow only WAN traffic..

Sorry for the lack of knowledge.

0 Kudos
4 Replies
This widget could not be displayed.