Lei_Liu
Employee

Does the R77.20.87 version of SMB 1450 Appliances support Security Zones or not?

Hi guys,

Could you help me confirm whether the R77.20.87 version of SMB 1450 Appliances supports Security Zones via Centralized Management of SMC?

Thanks a lot.

Lei

 

0 Kudos
3 Replies
Lei_Liu
Employee

Unfortunately, when we tested this R77.20.87 version, it can install the policy successfully, but the rule policy can't be valid.
0 Kudos
G_W_Albrecht
Legend

We find in the new features list of R80.10:

Security Zones: Group interfaces of gateways into Security Zones for new Source and Destination definitions.

The sk10538 Check Point R77.20.xx for 600 / 700 / 1100 / 1200R / 1400 / 910 Appliance Features and Known Limitations only mentions Security Zones 2 times:

SMB-5608 Policy installation fails on a centrally managed environment with more than 255 interfaces (in total) whose "security zone" is not set to "none" (ex: internal, external, etc.).
  • Workaround: If there are no policy rules that use these security zones, change their configuration to "none" (in the Gateway properties -> Topology tab). 
01132456 Assigning Security Zones to interfaces on a SmartProvisioning profile is not supported.

 

But in sk159772 Check Point R80.20 for 1500 Appliances Features and Known Limitations we read:

| Blade / Feature | Locally managed | Centrally managed | Comments |
|-----------------|-----------------|-------------------|----------|
| Unified Access  |                 |                   |          |
| Security Zones  | Yes             | Yes               |          |

It still is not explicitly stated, but sk133252 Rules mismatch on appliance cluster when manually configured Security Zones object used tells us at least that Security Zones are supported with 1400, 1100, 1200R units.

But for which purpose are they supported? I would suspect for topology definition to do address anti-spoofing. Centrally managed SMB units had their topology imported into Dashboard, where it could not be edited.

So I would assume that R80.10 Security Zones are fully supported by Check Point R80.20 for 1500 Appliances at least...

CCSE CCTE CCSM SMB Specialist
0 Kudos
PhoneBoy
Admin

Security Zones are an R80.x feature.
However, I believe there are dynamic objects you can use to refer to specific interfaces, which end up giving you similar functionality at the expense of disabling SecureXL templates (something also fixed in R80).
0 Kudos
