SAROU237
Explorer

Threat prevention policy

For access control policy:

When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet.

 

For the threat prevention policy, what are the steps?

First IPS, then Threat Emulation, then what?

Could you please explain the steps to me?

0 Kudos
2 Replies
PhoneBoy
Admin

It's a little more complicated than that.
But in general, Access Control is first, then Threat Prevention, which happens as part of the Content Inspection process that involves multiple blades.
You can see a representation of the logical packet flow here: https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Pack... 

0 Kudos
_Val_
Admin

This is a rough but pretty accurate visualisation of the layered policy enforcement:

Screenshot 2020-12-16 at 09.26.02.png

Mind, with Unified Policy, you might conditionally match several rules, before the final AC/URLF decision is made. 

0 Kudos