ykpark
Contributor

About Check Point function support (LLCF, PAT, Policy limit)

Dear All,

I need to check the questions below.
Please answer whether the following functions are provided by Check Point.

1. Is the PAT function supported? (Port Address Translation)
2. Is the LLCF function supported? (Link Loss Carry Forward)
3. Is there a limit to the number of policies that can be set for each Check Point model?

Thanks

Regards


Accepted Solutions
Bob_Zimmerman
Authority

One minor note on question 3: what you're calling policies, Check Point calls rules. In Check Point's terminology:

  1. Each firewall runs exactly one "Policy Package".
  2. A Policy Package is a collection of one or more "layers". These can be Access layers, HTTPS Inspection layers, and/or Threat Prevention layers. Each policy package can be applied to one or more firewalls.
  3. A layer is a collection of one or more rules.
  4. Access layers cover traditional source-destination-service-action rules.
  5. HTTPS Inspection rules govern whether the firewall will try to insert itself into TLS negotiations.
  6. Threat Prevention layers govern how deep inspection features like IPS, antivirus, and so on are applied.

The number of rules in a policy package is not limited, but adding more than about 10,000 slows down the rule management UI. Even very large policy packages don't usually affect the performance of traffic through the gateway; they mostly affect the ability to scroll through the rules and make changes to them in the management client.


3 Replies
Chris_Atkinson
Employee

1. YES

2. YES, or at least something similar; we call it "Link State Propagation"

3. No defined limit

CCSM R77/R80/ELITE
ykpark
Contributor

Thank you for your answer.
