CCSACertificationCheckPointFirewalls

Rules and the Rule Base

Rules and the Rule Base:

A Security Policy consists of an ordered set of rules, collectively known as the Rule Base. A well-defined
security policy is essential to any effective security solution. The fundamental principle of the Rule Base is
that all actions that are not explicitly permitted are prohibited.
Each rule in the Rule Base specifies the source, destination, service, and action to be taken for each
session. A rule also specifies how the events are tracked. Events can be logged, and then trigger an alert
message. Reviewing traffic logs and alerts is a crucial aspect of security management.

Rule Base Elements:

A rule is made up of the following Rule Base elements (not all fields are relevant to a given rule):

Source and Destination:

Refers to the originator and recipient of the connection. For applications
that work in the client server model, the source is the client and the
destination is the server. Once a connection is allowed, packets in the
connection pass freely in both directions.
You can negate source and destination parameters, which means that a
given rule applies to all connection sources/destinations except the
specified location. You may, for example, find it more convenient to specify
that the a rule applies to any source that is not in a given network To
negate a connection source or destination, right click on the appropriate
rule cell and select Negate Cell from the options menu.

VPN:

Allows you to configure whether the rule applies to any connection
(encrypted or clear) or only to VPN connections. To limit a rule to VPN
connections, double-click on the rule and select one of the two VPN
options.

Service:

Allows you to apply a rule to specific predefined protocols or services or
applications. You can define new, custom services.

Action:

Determines whether a packet is accepted, rejected, or dropped. If a
connection is rejected, the firewall sends an RST packet to the originator
of the connection and the connection is closed. If a packet is dropped, no
response is sent and the connection eventually times out. For information
on actions that relate to authentication.

Track:

Provides various logging options (see the R75.20 Security Management
Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=1227
7)).

Install-On:

Specifies the Security Gateway on which the rule is installed. There may
be no need to enforce certain rules on every Security Gateway. For
example, a rule may allow certain network services to cross only one
particular gateway. In this case, the specific rule need not be installed on
other gateways (see the R75.20 Security Management Administration
Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=1227
7)).

Time:

Specifies the time period (for Activate On and Expire On), the time of day,
and the days (every day, day of week, day of month) that the rule is
enforced.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

DuUtmD Xs2 r

Please type the text above:

Check Also

Close
Close
Close