AnsweredAssumed Answered

When do multiple policies make sense?

Question asked by Sam Ponder on Jun 21, 2018
Latest reply on Jun 25, 2018 by Maarten Sjouw

Hello Checkpoint Gurus,


When does it make sense to have multiple policies?


Our current environment is the following:

  • a 4600 cluster(r77.30) - main office
  • a 5400 cluster(r80.10) - in testing to replace the 4600 cluster in the main office
  • a 5400 (r80.10) - DR data center
  • a 3200 cluster (r80.10) remote office
  • some 1180(r77.20) for remote offices - that are going to be migrated to 3200's (r80.10)
  • a 410 mgmt appliance (r80.10)


We are running IPS on everything, except a few of the 1180's, and have plans on using IPS on the replacement 3200's.


I was thinking the following would make sense:

  • a policy for all the r77.x
  • a policy for all the r80.10


Any suggestions, comments or critiques are greatly welcomed and appreciated.


Thanks in advance.