This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
khineminn
Contributor
Sunday

Understanding Checkpoint Policy Packages

Could someone explain the details regarding policy packages? Let's assume we have two policy packages: 1. Standard and 2. HQ_Policy.

  1. The HQ_Policy is installed on a specific gateway.
  2. The Standard policy is installed on all gateways.

In this case, how do both rules interact, and what is the order in which the policy packages are applied?

Thanks in advance!

0 Kudos
4 Replies
AkosBakos
Advisor
Sunday

Hi @khineminn 

One gateway or cluster can have only one policy.

Let me explain with my words:

You can install Standard policy to any gateways or clusters in your domain. The HQ_Policy can be installed on a specifix gateway. You can set the installation target under Manage Policy packages,

There is no such way one gateway has 2 polices in one time (no merged, mixed, union). If you installed HQ_Policy to eg.: GW_HQ_clu then you want to install Standard to GW_HQ_clu, you will get a message -> HQ_Policy is installed, do you really want to install Standard?

Otherwise If you want to create an union of two policies -> simply copy them into a new policy package.

Akos

0 Kudos
khineminn
Contributor
Sunday
In response to AkosBakos

Hi @AkosBakos 

It makes sense. I'm confused about the following, and please let me know how it will work. There is only one gateway and which policy package will pick?
 
Manage Policy Layers
!
Standard _ Policy Target > All Gateways
HQ_Policy _ Policy Target > All Gateways
 
 
Each Policy Package
!
Standard _ Install On > HQ Gateway
HQ_Policy _ Install On > HQ Gateway

 

0 Kudos
AkosBakos
Advisor
Sunday
In response to khineminn

Hi @khineminn 

That policy will picked, which will be pushed to the gateway first time. Gateway with no policy has an "initial" policy which will allow only the necessary port, GAIA portal, SSH, PING tot the MGMT address. Nothing more.

It is clear now? 🙂

Akos

(1)
khineminn
Contributor
Sunday
In response to AkosBakos

Hi @AkosBakos 

Thanks for your explanation. It is clear now. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events