May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security
SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend
Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!
Mastering Compliance
Unveiling the power of Compliance Blade
CPX 2024 Content
is Here!
Harmony SaaS
The most advanced prevention
for SaaS-based threats
CheckMates Go:
CPX 2024 Recap
No, it is even more interesting for accept action 🙂
Imagine you have a layer with the main rule
| Rule number | Source | Destination | Services and Applications | Content | Action |
| 1 | Internal Networks | Internet | Web Services | Any | Inline Layer |
| 1.1 | Any | Any | Gambling Category | Any | Drop |
| 1.2 | Any | Any | Any | Excel Files | Drop |
| 1.3 | Any | Any | Streaming Services | Accept | Log and Accounting |
| 1.4 | Any | Any | Any | Accept | Log |
Rule 1.4 is the cleanup for the section.
With the first package, if we cannot guess at once that it is either 1.1 or 1.3 (depends on application), all rules 1.1 to 1.4 will be conditionally matched. As at least one of them saying "Accept", we let traffic through, because we cannot make a final match on the first packet for most of it.
Now, when the data start flowing, we can make a final match. If I am trying to upload an Excel file, it will be blocked by 1.2. If it is a regular web, we will not change final match, which is 1.4. IF we suddenly detect video service, we will re-match to 1.3.
Did I confuse you yet?
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
