This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Lei_Liu
Employee
Employee
‎2020-02-03 07:34 PM

R77.20.87 version of SMB 1450 Appliances support Security Zone or not ?

Hi guys,

Could you help me to confirm whether R77.20.87 version of SMB 1450 Appliances support Security Zone via Centralized Management  of SMC ?

Thanks a lot.

Lei

 

0 Kudos
3 Replies
Lei_Liu
Employee
Employee
‎2020-02-03 07:44 PM

Unfortunately, When we tested this R77.20.87 version, it can install the policy successfully. but the rule policy can't be valid.
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-02-04 03:20 AM
In response to Lei_Liu

We find in the new features list of R80.10:

Security Zones: Group interfaces of gateways into Security Zones for new Source and Destination definitions.

The sk10538 Check Point R77.20.xx for 600 / 700 / 1100 / 1200R / 1400 / 910 Appliance Features and Known Limitations only mentions Security Zones 2 times:

SMB-5608 Policy installation fails on a centrally manged environment with more than 255 interfaces (in total) whose "security zone" is not set to "none" (ex: internal,external, etc.).
  • Workaround: If there are no policy rules that use these security zones, change their configuration to "none" (in the Gateway properties -> Topology tab). 
01132456 Assigning Security Zones to interfaces on a SmartProvisioning profile is not supported.

 

But in  sk159772 Check Point R80.20 for 1500 Appliances Features and Known Limitations we read:

Blade / Feature Locally
managed		 Centrally
managed		 Comments
Unified Access
Security Zones Yes Yes  
 

 

It still is not explicitly stated, but sk133252 Rules mismatch on appliance cluster when manually configured Security Zones object used tells us at least that Security Zones are supported with 1400, 1100, 1200R units.

But for which purpose are they supported ? I would suspect for topology definition to do address anti-spoofing. Centrally managed SMB units had their topology imported into Dashboard, where it could not be edited.

So i would assume that R80.10 Security Zones are fully supported by Check Point R80.20 for 1500 Appliances at least...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2020-02-03 11:35 PM

Security Zones are an R80.x feature.
However, I believe there are dynamic objects you can use to refer to specific interfaces.
Which end up giving you similar functionality at the expense of disabling SecureXL templates (something also fixed in R80).
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top