Hello,
After migration from R77.30 to R80.20 I want to use inline layers.
Can I do a "soft-migration" and add some inline layers?
Can I use ordered and inline-layers at the same time?
In the maxpower-book I read to not use the "any" object, but in R80.20 demo mode, many rules are with any.
So should I avoid any, or is it no problem to use any with inline-layers?
Thanks
daniel
Yes, you can migrate as is and later convert some of your rules into sub-layers. We have shown an example of such a conversion during one of our TechTalks earlier this year: https://community.checkpoint.com/t5/General-Topics/Migrate-to-R80-20-TechTalk/m-p/22862
Drill down to the slides; specifically, slides 66-70 address that.
Before @Timothy_Hall can elaborate on your "any" object comment, I have to stress that rulebase order and use of specific objects in the policy have smaller significance with R80.x in comparison to R77.30, because of the new rulebase lookup logic.
Avoiding the use of "Any" in the Destination column of rules is to help optimize the new R80.10+ Column-based Matching feature and reduce rulebase lookup overhead in the F2V path. This recommendation applies for both ordered and inline layers. Using literally anything other than "Any" will help, such as:
While avoiding "Any" will help in the Destination, Source and Service fields, the Destination column is checked first by Column-based Matching, thus the recommendation to focus on avoiding "Any" in that column.
"Any" is not a real "problem" as far as functionality or security in any column of a policy layer; for performance optimization purposes, though, it can be helpful to avoid the use of "Any", primarily in the Destination column.
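An added example, not part of the thread and not Check Point tooling: a small audit that lists rules with "Any" in the Destination, Source or Service column, including rules inside inline layers, so the Destination hits can be reviewed first. The rule format, the `inline_layer` key and all object names are constructed for illustration and are not the management API's schema.

```python
# Constructed sample policy in a simplified, hypothetical export format
# (not Check Point's API schema). "inline_layer" holds a sub-rulebase.
SAMPLE_POLICY = [
    {"name": "Web to DMZ", "source": ["Any"], "destination": ["DMZ_Net"],
     "service": ["https"]},
    {"name": "Internal users", "source": ["Internal_Net"],
     "destination": ["Any"], "service": ["Any"],
     "inline_layer": [
         {"name": "DNS out", "source": ["Internal_Net"],
          "destination": ["DNS_Servers"], "service": ["dns"]},
         {"name": "Sub-layer cleanup", "source": ["Any"],
          "destination": ["Any"], "service": ["Any"]},
     ]},
    {"name": "Cleanup", "source": ["Any"], "destination": ["Any"],
     "service": ["Any"]},
]

# Destination is listed first because the thread says that column is
# checked first by Column-based Matching.
COLUMNS = ("destination", "source", "service")


def find_any(rules, prefix=""):
    """Return (rule_number, name, [columns containing Any]) for each hit,
    walking ordered rules and any inline layers beneath them."""
    findings = []
    for index, rule in enumerate(rules, start=1):
        number = f"{prefix}{index}"
        hits = [c for c in COLUMNS
                if any(v.lower() == "any" for v in rule.get(c, []))]
        if hits:
            findings.append((number, rule["name"], hits))
        # Inline-layer rules are numbered parent.child, e.g. 2.1
        findings.extend(find_any(rule.get("inline_layer", []), f"{number}."))
    return findings


def destination_any(findings):
    """Rule numbers whose Destination column is Any (review these first)."""
    return [num for num, _, cols in findings if "destination" in cols]


if __name__ == "__main__":
    for num, name, cols in find_any(SAMPLE_POLICY):
        print(f"rule {num:<4} {name:<18} Any in: {', '.join(cols)}")
```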