This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Neil_Davey
Participant
‎2017-08-12 01:22 AM
Jump to solution

R80.10 Application Blade

Hi All

I have recently updated my SC to R80.10 and I have 5 Gateways on R77.30 and all of these use the Application and Control Blade.  I have a policy under each FW policy and use the install on as the relevant gateway.

I am now going to review these rules and was wondering if I need to have 5 seperate policies still or can I have 1 policy, and then under the Install On just select all my gateways?

Thanks

0 Kudos
1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor
‎2017-08-13 12:12 AM
Jump to solution

You can share your Application Control layer across all policies. This is actually recommended. You can use the Policy Targets as demo'd by Dameon's excellent video.

This is a Management-only feature, no need to upgrade an R7x gateway for that.

see: Sharing a layer across different policies 

View solution in original post

3 Replies
Jerry
Mentor
Mentor
‎2017-08-12 12:16 PM
Jump to solution

I've got the same setup except all runs R80.10 and segregated all this with new features like layers and parent rules from VSX MDS. In your case it would be wise to compare all those policies and unite them (consolidate them) in one global APP policy? If not possible think about APP per SG but making more out of the new layers on R80.10.

Jerry
0 Kudos
PhoneBoy
Admin
Admin
‎2017-08-12 02:26 PM
Jump to solution

Yes, you can install one policy to multiple gateways and you can use the install-on field in the way you describe.

What I would also do is to set the installation target for a given policy to specific gateways.

This is a good best practice to ensure you don't accidentally install the wrong policy on the wrong gateway.

I created a brief video explaining how to do this.

Video Link : 5531

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2017-08-13 12:12 AM
Jump to solution

You can share your Application Control layer across all policies. This is actually recommended. You can use the Policy Targets as demo'd by Dameon's excellent video.

This is a Management-only feature, no need to upgrade an R7x gateway for that.

see: Sharing a layer across different policies 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top