I would like to clarify the use of layers in R80 Management Server and SmartConsole.
A layer is a set of rules, or a rule-base. R80 organizes the policy with ordered layers. For example, Gateways that have the Firewall and Application control blades enabled, will have their policies split into two ordered layers: Network and Applications. Another example is Gateways that have the IPS and Threat Emulation blades enabled, will have their policies split into two ordered layers: IPS and Threat Prevention. For Pre-R80 Gateways, this basically means the same enforcement as it always was, only in a different representation in the Security Management.
Ordered layers are enforced this way: When the Gateway matches a rule in a layer, it starts to evaluate the rules in the next layer.
The layers concept opens more options for policy management:
- Setting different view and edit permissions per layer for different administrator roles.
- Re-using a layer in different places: The same application control layer in different policy packages ( Sharing a layer across different policies ), or the same inline layer for different scopes.
- Explaining global and local policies in Multi-Domain with the same feature set of layers: A domain layer will be the set of rules that are added in each domain by the domain administrator.
R80.10 Gateways and above will have the ability to utilize layers in new ways:
- Unifying all blades into a single policy (How to use the unified policy? )
- Segregating a policy into more ordered layers, not necessarily by blades
- Allowing sub-policies inside a rulebase, with the use of inline layers (How do I define diffrent policies to diffrent users? )
Message was edited by: Tomer Sole