fw sam_policy

Important:

• This configuration is supported only from the Command Line.

  You must run these commands in the Expert mode on one of the Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. Members.

• The Rate Limit configuration applies to each Security Group Member and not globally.

• The Rate Limit configuration you make with these commands, survives reboot.

• VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. mode supports the Rate Limiting rules only from R80.20SP Jumbo Hotfix Accumulator Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA. Take 266 (see MBS-4895 in sk155832).

  In VSX mode, you must go to the context of an applicable Virtual System.

  • In Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group., run: set virtual-system <VSID>

  • In the Expert mode, run: vsenv <VSID>

• R80.20SP does not support the Suspicious Activity Monitoring (SAM) rules and the "fw sam" command (see 02641733 in sk113255 and in sk148074).

Notes:

• These commands are interchangeable:

  • For IPv4: "g_fw sam_policy" and "g_fw samp"

  • For IPv6: "g_fw6 sam_policy" and "g_fw6 samp"

• Security Group Members store the SAM Policy rules in the $FWDIR/database/sam_policy.db file.

• Security Group Members store the SAM Policy management settings in the $FWDIR/database/sam_policy.mng file.

Best Practice - SAM Policy rules consume some CPU resources on Security Group Members. Set an expiration for rules that gives you time to investigate, but does not affect performance. Keep only the required SAM Policy rules. If you confirm that an activity is risky, edit the Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection., educate users, or otherwise handle the risk.