Is there any default quarantine (block all incoming/outgoing traffic for the host) policy present in Check Point? Or do I need to manually create two rules, the 1st to block incoming traffic and the 2nd to block outgoing traffic?
Are you talking about this in the context of Remote Access or something else?
A screenshot would probably be helpful.
@PhoneBoy
Quarantine / Unquarantine is in terms of network access to limit or deny endpoint access to the network.
Via Remote Access or when connected to the LAN?
When connected to the LAN
The firewall generally operates on an "implicit deny."
Meaning: that which is not expressly permitted by the access policy is denied by default.
So unless you have explicit rules allowing a given host to traverse the gateway, it won't.
Obviously that won't work for stuff that doesn't traverse the gateway.
We have a firewall that can also live on the endpoint (as part of Harmony Endpoint), which with Endpoint Compliance can restrict the client from connecting to anything on the local LAN as well.
However, that's not related to the gateway at all.
You mean that in the firewall all connected devices are blocked by default? I want a quarantine/unquarantine flow similar to what Cisco and FortiGate do with endpoints.
Like I said: nothing is allowed through the gateway unless there's an explicit rule allowing it.
However, if you're talking about the Endpoint, we do have a Host Isolation feature as part of Harmony Endpoint.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
And: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
All traffic that is not allowed by explicit rules (i.e. rules you've created) or implied rules (shown via security policies in SmartDashboard -> Actions -> Implied Rules) will be dropped.
If you're talking about a quick way to block suspicious traffic during an ongoing event/investigation, the recommended approach is the Suspicious Activity Monitor features. It's not a GUI policy, but a simple CLI way to block the traffic for a given time.
Read more about it in the documentation:
If you're looking at permanently blocking the traffic, inbound and outbound, an easy way would be to create two drop rules at the top of the policy, and then create a network group that you stick in source on one rule and destination on the other.
Any objects in that group would then be blocked, and the group can easily be updated by APIs or manually.
Do I need to install the policy every time after updating the network group?
Any updates to the access policy (including objects in existing rules) require a policy install.
There are certain object types that do not require a policy install to update (Dynamic Objects, Generic Data Center Objects, Access Roles).
Yeah, like Dameon said, changes to policy will in most cases require installation. You can automate this and trigger it with the APIs though.
Or you could use dynamic objects and update those instead.
The approach with SAM doesn't require a policy installation either.
It really depends on the scenario itself... if it's just regular traffic, then you might need 2 rules, but if you are referring to, say, multiple specific hosts/networks, then you can define them the same in both source and destination and then action block.
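Added example, not part of any post in this thread and not Check Point's own code: a Python sketch of the "group in two drop rules, updated by API" approach discussed above, including the publish and policy install that a group change requires. It uses the Management Web API commands `login`, `add-host`, `delete-host`, `set-group`, `publish`, `install-policy`, `show-task`, `discard` and `logout`; the group, policy package and gateway names and the `quarantine_<ip>` object naming are assumptions.

```python
import ipaddress
import json
import time
import urllib.request

def quarantine_plan(ip, group, package, targets, release=False):
    """Ordered Management API calls that add a host to, or remove it from, the blocked group."""
    addr = ipaddress.ip_address(ip)   # raises ValueError on malformed input
    host = f"quarantine_{addr}"       # hypothetical object-naming convention
    if release:
        calls = [("set-group", {"name": group, "members": {"remove": host}}),
                 ("delete-host", {"name": host})]
    else:
        calls = [("add-host", {"name": host, "ip-address": str(addr)}),
                 ("set-group", {"name": group, "members": {"add": host}})]
    # A group used in a rule is part of the access policy: publish, then install.
    install = {"policy-package": package, "targets": list(targets), "access": True}
    return calls + [("publish", {}), ("install-policy", install)]

def http_post(server):
    """Build a sender for https://<server>/web_api/<command> (TLS verified by default)."""
    def post(command, payload, sid=None):
        headers = {"Content-Type": "application/json"}
        if sid:
            headers["X-chkp-sid"] = sid
        req = urllib.request.Request(f"https://{server}/web_api/{command}",
                                     data=json.dumps(payload).encode(), headers=headers)
        with urllib.request.urlopen(req, timeout=60) as resp:
            return json.load(resp)
    return post

def apply_plan(post, user, password, calls):
    """Run the calls in one session, waiting for publish/install tasks to finish."""
    sid = post("login", {"user": user, "password": password})["sid"]
    try:
        for command, payload in calls:
            task_id = post(command, payload, sid).get("task-id")
            while task_id:
                task = post("show-task", {"task-id": task_id}, sid)["tasks"][0]
                if task["status"].startswith("succeeded"):
                    break
                if task["status"] != "in progress":
                    raise RuntimeError(f"{command} ended as {task['status']}")
                time.sleep(2)
    except Exception:
        post("discard", {}, sid)   # drop unpublished changes from the failed session
        raise
    finally:
        post("logout", {}, sid)
```

Against a real management server the sender would be `http_post("<management-server>")`; the two drop rules that reference the group are created once, by hand, at the top of the policy.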