- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- R77.20.87 version of SMB 1450 Appliances support S...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R77.20.87 version of SMB 1450 Appliances support Security Zone or not ?
Hi guys,
Could you help me to confirm whether R77.20.87 version of SMB 1450 Appliances support Security Zone via Centralized Management of SMC ?
Thanks a lot.
Lei
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We find in the new features list of R80.10:
Security Zones: Group interfaces of gateways into Security Zones for new Source and Destination definitions.
The sk10538 Check Point R77.20.xx for 600 / 700 / 1100 / 1200R / 1400 / 910 Appliance Features and Known Limitations only mentions Security Zones 2 times:
SMB-5608 | Policy installation fails on a centrally manged environment with more than 255 interfaces (in total) whose "security zone" is not set to "none" (ex: internal,external, etc.).
|
01132456 | Assigning Security Zones to interfaces on a SmartProvisioning profile is not supported. |
But in sk159772 Check Point R80.20 for 1500 Appliances Features and Known Limitations we read:
Blade / Feature | Locally managed |
Centrally managed |
Comments |
Unified Access |
Security Zones | Yes | Yes | |
It still is not explicitly stated, but sk133252 Rules mismatch on appliance cluster when manually configured Security Zones object used tells us at least that Security Zones are supported with 1400, 1100, 1200R units.
But for which purpose are they supported ? I would suspect for topology definition to do address anti-spoofing. Centrally managed SMB units had their topology imported into Dashboard, where it could not be edited.
So i would assume that R80.10 Security Zones are fully supported by Check Point R80.20 for 1500 Appliances at least...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
However, I believe there are dynamic objects you can use to refer to specific interfaces.
Which end up giving you similar functionality at the expense of disabling SecureXL templates (something also fixed in R80).
