Timothy_Hall

In my opinion, inline is more about ease of management in the long run.  When researching my last book, I prepared two different policy packages that accomplished exactly the same goals.  One was ordered (one feature per layer), and the other was inline with sub-rules.  I examined the compiled Unified Policy INSPECT code for both, and there were only minor, cosmetic differences. 

So, I doubt there is much of a rulebase lookup performance difference between inline and unified, with one big exception: the key thing to watch out for, regardless of ordered vs. inline, is ensuring that you only have the Firewall blade enabled in the top or first layer.  So, for inline the top/parent rules are Firewall blade only, and only match simple services (port numbers); then in the sub-rules (or a second separate layer in the case of ordered) is where you enable APCL/URLF and call for applications and categories.  This will help SecureXL Accept Templating optimize the overhead of rule base lookups.  See the following thread for my explanation of this: 

https://community.checkpoint.com/t5/General-Topics/Clarification-Needed-on-fwaccel-stat/m-p/252954/h...

As long as you adhere to this recommendation, the difference in rulebase lookup performance on the gateway for ordered vs. inline seems to be negligible, at least as far as I can tell.

If you have a very large ordered policy, it was likely upgraded from an earlier release to R80+, as only the equivalent of ordered layers was possible prior to R80.  So, if that existing large ordered policy is working well and you understand it thoroughly, is there some burning, urgent need to convert it to inline?  I would personally say NO there is not, as doing so is a manual process and you will probably hit some bumps along the way.

However, if you are implementing a brand new policy package for a new firewall or site, ABSOLUTELY start from the beginning with inline.  In the long run your policy will be shorter and easier to understand.  This is also a great time to look at using Security Zones instead of big groups of networks for rule matching, and the use of "network defined by routes" for the new gateway anti-spoofing configuration.  

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

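The layout rule given in the post above (Firewall blade only in the top layer, port-based services only in the parent rules, APCL/URLF and application/category objects only in the sub-rules) can be checked mechanically before a policy is installed. The following lint is an added example, not code from the original post or from Check Point. It operates on a constructed, deliberately simplified policy model (dictionaries of layers, rules and service objects); this is not the real Management API or `show access-rulebase` schema, so to run it against a real policy you would first map the exported rulebase onto this shape. The blade and service type names are assumptions chosen for the example.

```python
"""Policy-layout lint for the 'Firewall blade only in the top layer' advice.

Added example, not code from the original post or from Check Point.  The
policy below is a constructed, simplified model of a layered access policy
(NOT the real Management API / 'show access-rulebase' schema): each layer has
the blades enabled on it and a list of rules; each rule lists the
service/application objects it matches and, optionally, the inline layer it
hands off to.  Service objects carry a type: 'tcp'/'udp' are plain port
services, 'application'/'category' need APCL/URLF to be matched.
"""

APCL_URLF = "applications-and-url-filtering"   # assumed blade name
PORT_TYPES = {"tcp", "udp"}

# Constructed sample: a top layer that is Firewall-only but contains one rule
# matching an application object directly, plus an inline layer doing APCL/URLF.
SAMPLE_POLICY = {
    "layers": [
        {
            "name": "Network",
            "blades": ["firewall"],
            "rules": [
                {"name": "Web out", "services": ["http", "https"],
                 "inline_layer": "Web apps"},
                {"name": "DNS", "services": ["dns-udp"]},
                {"name": "Bad app rule", "services": ["Facebook"]},
            ],
        },
        {
            "name": "Web apps",
            "blades": ["firewall", APCL_URLF],
            "rules": [
                {"name": "Allow social",
                 "services": ["Facebook", "Social Networking"]},
            ],
        },
    ],
    "services": {
        "http": {"type": "tcp", "port": 80},
        "https": {"type": "tcp", "port": 443},
        "dns-udp": {"type": "udp", "port": 53},
        "Facebook": {"type": "application"},
        "Social Networking": {"type": "category"},
    },
}


def lint_policy(policy):
    """Return a list of findings; an empty list means the layout follows the advice."""
    services = policy["services"]
    layers = policy["layers"]
    top = layers[0]
    findings = []

    # 1. Only the Firewall blade may be enabled on the top/first layer.
    extra = sorted(set(top["blades"]) - {"firewall"})
    if extra:
        findings.append(f"top layer '{top['name']}' enables extra blades: {extra}")

    # 2. Top-layer rules may match only plain port services; application and
    #    category objects belong in the sub-rules (inline layer) instead.
    for rule in top["rules"]:
        for obj in rule["services"]:
            kind = services.get(obj, {}).get("type", "unknown")
            if kind not in PORT_TYPES:
                findings.append(
                    f"top layer rule '{rule['name']}' matches {kind} object "
                    f"'{obj}'; move it to an inline layer"
                )

    # 3. Inline layers referenced from rules must exist, and any non-top layer
    #    that matches application/category objects must have APCL/URLF enabled.
    by_name = {layer["name"]: layer for layer in layers}
    for layer in layers:
        for rule in layer["rules"]:
            sub = rule.get("inline_layer")
            if sub is not None and sub not in by_name:
                findings.append(
                    f"rule '{rule['name']}' references missing inline layer '{sub}'"
                )
            if layer is top or APCL_URLF in layer["blades"]:
                continue  # top layer already handled; APCL layer is fine
            for obj in rule["services"]:
                kind = services.get(obj, {}).get("type", "unknown")
                if kind in ("application", "category"):
                    findings.append(
                        f"layer '{layer['name']}' matches {kind} object '{obj}' "
                        f"without {APCL_URLF} enabled"
                    )
    return findings


if __name__ == "__main__":
    report = lint_policy(SAMPLE_POLICY)
    for line in report or ["OK: top layer is Firewall-only and port-based"]:
        print(line)
```

Run as-is, the lint reports the one rule in the sample that matches an application object in the top layer; dropping that rule (or moving it under the inline layer) clears the report. The same three checks apply to an ordered layout: treat the first ordered layer as `layers[0]` and the second as the APCL/URLF layer.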