Petr_Hantak
Advisor

Locally managed R82.x.x policy rule count limit

Hello, during one specific migration from another vendor's platform to a locally managed Spark, we reached the total rule limit of 100 rules in the Access rule policy. This is not the first time we have seen the limit on Gaia Embedded. My question is whether it is really hardcoded, or is there another way to reach more?

Has anyone here faced this already?

I did not find any info about that limit anywhere. The Administration Guide describes a limit for the objects used in a rule's fields, such as source/dest/service, but not for total rules.

https://sc1.checkpoint.com/documents/Appliances/Quantum_Spark_R82.00.X/AdminGuides_Locally_Managed/E...

One extra note: we are able to add some extra rules there as a result of automatic features (adding server objects, activating VoIP), and adding more rules via Spark cloud management is also possible, but all those ways are practically separate layers of the policy.

I understand that some limit must exist for optimal performance, but 100 seems to be really low compared to centrally managed Sparks, where there is no such low limit and you are able to have hundreds of rules without issues, including performance issues.

 


Accepted Solutions
Tom_Hinoue
Advisor

This is controlled by the "Device" -> "Advanced Settings" parameter [Firewall Policy - Limit the Access Policy size], which is set to [True] by default and limits the rules to 100. If you change this to [False], then more than 100 rules can be configured.

I believe this was first introduced around R81.10.15 firmware, and as you mentioned it's likely to optimize performance for the small boxes, though I think I won't have more than 100 rules on low-end models due to the limited resources.


3 Replies

Petr_Hantak
Advisor

Thank you Tom. You are absolutely right! I can confirm that and I believe that this post could be helpful also for anyone else who hits the same issue.

PhoneBoy
Admin

I remember the days of certain Nokia IP appliances where there were limits for centrally managed appliances, too.
These were flash-based and also applied to some disk-based models.
