This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CyberBreaker
Contributor
‎2020-07-13 11:35 AM
Jump to solution

Clarifications on VSX Gateways Policies

Hi Guys, I just want to clarify about pushing policies in the VS and VSX gateways. I have 3 VS inside the 2x VSX gateways configured in cluster. Technically, we will be having VS0, VS1, VS2, and VS3, what I did is that I created 3 policy packages and I one VS in each policy packages in using the policy target.

In addition, we all know that there is also a policy package for the VSX gateway itself that was created automatically when we register the VSX gateways to the Smart Console.

My question now is, is my setup correct or do I need to include the VSX gateways to each policy package in addition to each VS (i.e. The target for Policy_Pack1 are VS1 and VS0).

Thank you so much.

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2020-07-13 01:35 PM
In response to CyberBreaker
Jump to solution

Both are possible:
A small policy for VS0 and different policies for all other VS systems.
Or one policy for all VS gateways. In this case you can control the rules via "install on" in the ruleset.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

4 Replies
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2020-07-13 12:31 PM
Jump to solution

It is correct.

You can use a separate policy pack for each vs. For vs0 only basic communication is allowed to reach the gw.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
CyberBreaker
Contributor
‎2020-07-13 12:37 PM
In response to HeikoAnkenbrand
Jump to solution

@HeikoAnkenbrand , thanks for the feedback.

What do you mean it is correct? Correct meaning I need to include the VSX gateways to the policy package of each VS? Thanks

Wolfgang
MVP Gold
MVP Gold
‎2020-07-13 01:26 PM
In response to CyberBreaker
Jump to solution

@CyberBreaker , There is no need to add the VSX-gateways itself to the other policy packages.

As @HeikoAnkenbrand  mentioned, you should have a small policy only to manage the VSX gateways. And your other policies are for your virtual systems.

Wolfgang

HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2020-07-13 01:35 PM
In response to CyberBreaker
Jump to solution

Both are possible:
A small policy for VS0 and different policies for all other VS systems.
Or one policy for all VS gateways. In this case you can control the rules via "install on" in the ruleset.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events