Gianluca Giordano

PBR limitations

Discussion created by Gianluca Giordano on Aug 3, 2018
Latest reply on Aug 13, 2018 by Dameon Welch Abernathy

Hi Mates,

reading the sk100500 I was very surprised when it described

The following features/blades are not supported with PBR:

  • IPv6
  • Locally-generated traffic
  • Security Servers
  • Data Loss Prevention (DLP) blade
  • Anti-Spam blade
  • Mail Transfer Agent (MTA) (relevant for Threat Emulation/Threat Extraction/Data Loss Prevention/Anti-Spam blades)
  • ISP Redundancy
  • The following applications (which use Check Point Active Streaming [CPAS]):
    • VoIP (H323, SIP, Skinny, etc.)
    • HTTPS Inspection
    • HTTP Header Spoofing
    • HTTP Proxy
    • IMAP in IPS

 

Despite my idea where, routing feature on the gateway musn't influence the security features, at the moment I need to have a PBR on a gateway where MTA is active for the TEX blade.

In the enviroment where I'd like to implement PBR and I have MTA enabled on a R80.10 gateway, the PBR doesn't work.

Does someone face the same scenario ?

Does someone know a workaround/solution?

Outcomes