 | ||
 Recommended R61 Implied Rules | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2007-06-03 | |||
| |||
 Recommended R61 Implied Rules Hi , I have a Distributed enviroment with Nokia and R61. Is there any recommended Implied rulebase that needs to be followed. Canany one please share if u have any such docs. thanks sridhar  |
| 2007-06-04 | |||
| |||
| Re: Recommended R61 Implied Rules It depends upon how pedantic you want to be. I generally turn off all Global Properties > Firewall Implied rules and write my own as that gives much higher levels of control over what devices can communicate with what. Generally you will need: Firewalls to Firewalls (eg clusters) : FW1, CP_ClusterControl and FIBMGR (SPLAT)/IPSO_Clustering Bidirectional Firewalls to VPN devices: IKE, ESP, AH, FW1_topo, tunnel_test, tunnel_test_mapped, echo-request Management clients to Firewalls: https, ssh Management clients to Sofaware: https, ssh, SWTP_Mgmt Network (SNMP) Managers to Firewalls: snmp-read, echo-request Managers to Firewalls: CPD, CPD_Amon, FW1, FW1_CRPID, FW1_ICA_Push, FW1_ica_services, FW1_sam Log servers to firewalls : FW1 Anything else to Firewalls drop (Stealth Rule!) Firewalls to log servers : FW1_log Firewalls to Managers: CPD, FW1, FW1_ica_services, FW1_ica_pull, CPD_amon Firewalls to Network Managers : syslog, snmp-trap Firewalls to NTP servers: ntp-udp Firewalls to VRRP multicast: vrrp Firewalls to DNS servers: domain-udp Firewalls to RADIUS: new-radius Sofaware to Management: SWTP_Gateway, SWTP_SMS |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
