This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
HeikoAnkenbrand
Champion Champion
Champion
‎2022-01-13 06:42 AM
In response to _Val_

This is an exciting topic:-)
I think that the rules and regulations should be clearly laid out. This is basically a design question.

The unified policy is used for processing rules from R8x onwards.

UF_Policy.jpg

 





 

 

 

The Access Policy is processed in according to:
1) Source IP
2) Destination IP
3) Protocol (TCP, UDP,...)
4) Source port
5) Destination port

And the possible match are always sorted out and processed further. Therefore, policy processing is much faster than with older versions R6x and R7x. Therefore, large sets of rules are no longer so critical. I think there are other points to consider, which may be more time-critical (IPS, AV, ...). 

@_Val_  has a presentation describing the unified policy processing:
"Performance Optimization Part 1 Introduction"

PS:
But I am also a fan of smaller and more manageable rules.


➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
(1)
Who rated this post