This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nflnetwork29
Advisor
‎2018-11-09 10:11 AM

all gateway object exist?

im new toi checkpoint and creating some polices /layers etc ..

is there a all security gateway object that i can use in my policies?

as i would like to create a policy and i dont necessarily have all my gateways added to the mgmt server at this time., 

or will i have to edit the policy every time i add a new gateway ?

1 Reply
PhoneBoy
Admin
Admin
‎2018-11-09 10:50 AM

In order to push policy to a gateway, an object for said gateway must exist (unless you're using SmartLSM, in which case a profile needs to exist).

Where a specific policy can be installed is a function of the policy package.

By default, you can push a given policy package to ALL gateways, but you can also restrict it to a specific gateway, as shown in the screenshot:

Whatever policy you install must make sense for the gateway you are installing it to, i.e. be expressed in terms that local gateway can understand (e.g. relevant subnets, users, servers).

Some organizations have different policies for different gateways, some use the same.

Most likely you will need to modify the policy somewhat each time a gateway is added.

You can also use the "Install-On" field of a rule to ensure it is only installed to a specific gateway.

If you want to refer to the local gateway itself as a Source/Destination in a policy, you can use an object called LocalGateway, which is a Dynamic Object that refers to the local gateway.

Each gateway will resolve this to its own IP addresses.

Note that in gateway releases prior to R80.10, rules that refer to Dynamic Objects will not template with SecureXL, and thus will have a performance impact.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events