This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ykpark
Contributor
‎2022-11-28 05:43 PM
Jump to solution

About checkpoint function support. (LLCF , PAT , Policy limit)

Dear All,

I need to check the question below.
Please answer if the following functions are provided at the checkpoint.

1. Support PAT function? (Port Address Translation)
2. LLCF function supported? (Link Loss Carry Forward)
3. Is there a limit to the number of policies that can be set for each checkpoint model?

Thanks

Regards

0 Kudos
1 Solution

Accepted Solutions
Bob_Zimmerman
Authority
Authority
‎2022-11-29 07:32 AM
Jump to solution

One minor note on question 3: what you're calling policies, Check Point calls rules. In Check Point's terminology:

  1. Each firewall runs exactly one "Policy Package".
  2. A Policy Package is a collection of one or more "layers". These can be Access layers, HTTPS Inspection layers, and/or Threat Prevention layers. Each policy package can be applied to one or more firewalls.
  3. A layer is a collection of one or more rules.
  4. Access layers cover traditional source-destination-service-action rules.
  5. HTTPS Inspection rules govern whether the firewall will try to insert itself into TLS negotiations.
  6. Threat Prevention layers govern how deep inspection features like IPS, antivirus, and so on are applied.

The number of rules in a policy package is not limited, but adding more than about 10,000 slows down the rule management UI. Even very large policy packages don't usually affect the performance of traffic through the gateway, they mostly affect the ability to scroll through the rules and make changes to them in the management client.

View solution in original post

3 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-11-29 02:09 AM
Jump to solution

1. YES

2. YES or atleast something similar, we call it "Link State Propagation"

3. No defined limit

CCSM R77/R80/ELITE
0 Kudos
ykpark
Contributor
‎2022-12-12 04:29 PM
In response to Chris_Atkinson
Jump to solution

Thank you for your answer.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2022-11-29 07:32 AM
Jump to solution

One minor note on question 3: what you're calling policies, Check Point calls rules. In Check Point's terminology:

  1. Each firewall runs exactly one "Policy Package".
  2. A Policy Package is a collection of one or more "layers". These can be Access layers, HTTPS Inspection layers, and/or Threat Prevention layers. Each policy package can be applied to one or more firewalls.
  3. A layer is a collection of one or more rules.
  4. Access layers cover traditional source-destination-service-action rules.
  5. HTTPS Inspection rules govern whether the firewall will try to insert itself into TLS negotiations.
  6. Threat Prevention layers govern how deep inspection features like IPS, antivirus, and so on are applied.

The number of rules in a policy package is not limited, but adding more than about 10,000 slows down the rule management UI. Even very large policy packages don't usually affect the performance of traffic through the gateway, they mostly affect the ability to scroll through the rules and make changes to them in the management client.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events