cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Best practices for inline layers

Hi, we're running R80.10 and would like to start cleaning up our policy that has become cluttered and outdated and inline layers look like they could assist in keeping things organized as we clean up the old clutter but I can't find a lot of info about best practices for them.

 

Should you try to limit how many inline layers/rules you use in a policy?

 

Is there a preferred method for crafting the parent rule?  Should it be vague and then get more particular with each inline layer rule?  Or should the parent rules be crafted very specifically as well?

 

I've read a few of the threads here on CheckMates and any relevant SK's but was just wondering if there was any specific guidance on the best way to utilize inline layers.

 

 

0 Kudos
2 Replies
Highlighted

Re: Best practices for inline layers

Hi Eric,

If I were you, I would be reading up on the following:

 

  • Best Practices for Access Control Rules 
  • Unified Rule Base Cases 

 

Both sections can be found in the following link:

https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_SecurityManagement_AdminGuid...

I hope this helps.

0 Kudos
Admin
Admin

Re: Best practices for inline layers

I wouldn’t nest inline layers more than 3 or 4 deep. Top-Level rules should be fairly generic but there are use cases when a specific rule at the top might be useful.

Also think "reusable policies" with layers. For example, you might create a layer specific to Internet access that you want to apply in multiple policies. That would be a layer you make shared so it can easily be reused.

0 Kudos