
Does an "all gateways" object exist?

I'm new to Check Point and creating some policies, layers, etc.

Is there an "all security gateways" object that I can use in my policies?

I would like to create a policy, and I don't necessarily have all my gateways added to the mgmt server at this time.

Or will I have to edit the policy every time I add a new gateway?

1 Reply

In order to push policy to a gateway, an object for said gateway must exist (unless you're using SmartLSM, in which case a profile needs to exist).

Where a specific policy can be installed is a function of the policy package.

By default, you can push a given policy package to ALL gateways, but you can also restrict it to a specific gateway, as shown in the screenshot:

Whatever policy you install must make sense for the gateway you are installing it to, i.e. be expressed in terms that local gateway can understand (e.g. relevant subnets, users, servers).

Some organizations have different policies for different gateways, some use the same.

Most likely you will need to modify the policy somewhat each time a gateway is added.

You can also use the "Install-On" field of a rule to ensure it is only installed to a specific gateway.

If you want to refer to the local gateway itself as a Source/Destination in a policy, you can use an object called LocalGateway, which is a Dynamic Object that refers to the local gateway.

Each gateway will resolve this to its own IP addresses.

Note that in gateway releases prior to R80.10, rules that refer to Dynamic Objects will not template with SecureXL, and thus will have a performance impact.

0 Kudos

