Creating Firewall Rules

Create Firewall rules that relate to inbound traffic in the inbound traffic Rule Base, and rules that relate to outbound traffic in the outbound traffic Rule Base. (A Rule Base is the set of all rules configured in a given Security Policy; a Rule is a set of traffic parameters and other conditions that cause specified actions to be taken for a communication session.)

To create a Firewall rule:

  1. In the Policy tab, in the Firewall rule, right-click the inbound or outbound traffic Action and select Edit Properties.

  2. Click one of the Add Rule icons from above the Rule Base.

  3. Fill in the columns of the rule. Right-click in a column to select an option.

    Column

    Description

    NO

    Rule priority number. Rule priority is important because the client checks Firewall rules in their order in the Rule Base: rules are enforced from the top to the bottom, and the first rule that matches decides what happens to the traffic. The last rule is usually a Cleanup Rule that drops traffic that does not match any of the previous rules.

    Name

    Name of the Firewall Rule.

    Source or Destination

    • Source - Source location of the network traffic. For an outbound rule, the source is always the local computer.

    • Destination - Destination location of network traffic. For an inbound rule, the destination is always the local computer.

    • Source and Destination can be any of the Network Objects defined in the Access Zones policy or the Trusted/Internet Zone.

    Service

    Network protocol or service used by traffic.

    Action

    What is done to traffic that matches the rule: Accept or Drop.

    Track

    When the rule is enforced:

    • Log - Record rule enforcement in the Endpoint Client Log Viewer.

    • Alert - Show a message on the endpoint computer and record rule enforcement in the Endpoint Client Log Viewer.

    • None - Log and alert messages are not created.

Notes on configuring Tracking:

  • If you have a rule that drops or accepts all traffic, do not enable logging.

  • To use logs and alerts, you must configure options in the Client Settings rules:

    • In the Log Upload action, Enable log upload must be selected.

    • In the Users Disabling Network Protection action, under Network Protection Alerts, in the Firewall row, select Allow Alert.

Firewall Rules and Domain Controllers

Important - When creating Firewall Rules for endpoint clients, create explicit rules that allow all endpoints to connect to all of the domain controllers on the network.

Services and Network Objects

The same Network Objects and Services are used throughout SmartEndpoint (the Check Point GUI application that connects to the Endpoint Security Management Server to deploy, monitor and configure Endpoint Security clients and policies) and in SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on). When you create a new object, it is also available in SmartConsole. If you change an object in SmartEndpoint or SmartConsole, it is changed everywhere that the object is used.

To create a Network Object:

  1. In the Inbound or Outbound Firewall Rule Base, open the Network Objects tab.

  2. Click New.

  3. Select the type of object from the New Object Type list.

  4. Click OK.

  5. In the Properties window, enter the required information.

  6. Click OK.

To create a Service:

  1. In the Inbound or Outbound Firewall Rule Base, open the Services tab.

  2. Click New.

  3. Select the type of service from the New Object Type list.

  4. Click OK.

  5. In the Properties window, enter the required information.

  6. Optional: If you create a Group, in the Group Properties window, add Available Services to the group.

  7. Click OK.

Disabling and Deleting Rules

When you delete a rule, it is removed from the Rule Base and not enforced in the policy.

When you disable a rule, the rule is not enforced in the policy. The rule stays in the Rule Base with an X showing that it is disabled. Select Disable rule again to make the rule active.

To delete or disable a rule:

  1. Right-click in the NO column of a rule.

  2. Select Delete Rule or Disable Rule.

  3. Install policy.

The rule is not physically deleted or disabled until you install the policy.
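The following is an added example, not Check Point code and not part of the original page. It models how the Rule Base described above is evaluated on the client: rules are checked in NO order from the top down, the first match decides the Action, a disabled rule stays in the Rule Base but is skipped, the Track column produces a log or alert event only for the rule that matched, and a Cleanup Rule at the bottom catches everything else. The zones, addresses, services and rule names are constructed sample values; the Trusted network ranges and the domain controller address are assumptions chosen for the example, not values from any real Access Zones policy.

```python
# Added example (not Check Point code): a small model of first-match evaluation
# of an endpoint Firewall Rule Base. Rule fields mirror the columns in the table
# above: NO, Name, Source, Destination, Service, Action, Track.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

ANY = "Any"

@dataclass
class Rule:
    no: int
    name: str
    source: str          # zone name ("Trusted" / "Internet"), a CIDR, or ANY
    destination: str
    service: str         # e.g. "tcp/389", "udp/53", or ANY
    action: str          # "Accept" or "Drop"
    track: str = "None"  # "Log", "Alert" or "None"
    enabled: bool = True # False models "Disable Rule": kept in the Rule Base, not enforced

# Constructed Access Zones (assumption): these networks are Trusted, all else is Internet.
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    return "Trusted" if any(ip in net for net in TRUSTED_NETWORKS) else "Internet"

def matches_location(pattern: str, addr: str) -> bool:
    """Match a Source/Destination cell: Any, a zone name, or a network object given as CIDR."""
    if pattern == ANY:
        return True
    if pattern in ("Trusted", "Internet"):
        return zone_of(addr) == pattern
    return ip_address(addr) in ip_network(pattern, strict=False)

def matches_service(pattern: str, service: str) -> bool:
    return pattern == ANY or pattern == service

def evaluate(rule_base, src, dst, service):
    """Check rules top to bottom (by NO); the first enabled rule that matches wins.
    Returns (action, matched_rule_no, track_events)."""
    events = []
    for rule in sorted(rule_base, key=lambda r: r.no):
        if not rule.enabled:
            continue                      # disabled rules are not enforced
        if (matches_location(rule.source, src)
                and matches_location(rule.destination, dst)
                and matches_service(rule.service, service)):
            if rule.track in ("Log", "Alert"):
                events.append(f"{rule.track.upper()} rule {rule.no} ({rule.name}): "
                              f"{rule.action} {src} -> {dst} {service}")
            return rule.action, rule.no, events
    # Nothing matched: without a Cleanup Rule the Rule Base gives no decision at all,
    # which is why the last rule is normally a Cleanup Rule that drops everything.
    return "NoMatch", None, events

# Constructed outbound Rule Base. Rule 1 is the kind of explicit domain-controller
# rule the page recommends (sample DC address 10.0.0.10, an assumption). Rule 3 is
# the Cleanup Rule; its Track is None because it matches all remaining traffic.
OUTBOUND = [
    Rule(1, "Allow DC LDAP", ANY, "10.0.0.10/32", "tcp/389", "Accept", "Log"),
    Rule(2, "Allow HTTPS out", ANY, "Internet", "tcp/443", "Accept", "None"),
    Rule(3, "Cleanup", ANY, ANY, ANY, "Drop", "None"),
]

def misordered(rule_base):
    """Same rules, but the Cleanup Rule moved to the top (NO 0): it now shadows
    every rule below it, so all traffic is dropped."""
    cleanup = next(r for r in rule_base if r.name == "Cleanup")
    return [replace(cleanup, no=0)] + [r for r in rule_base if r is not cleanup]

def with_rule_disabled(rule_base, no):
    """Model of 'Disable Rule': the rule stays in the Rule Base but is skipped."""
    return [replace(r, enabled=(r.no != no)) for r in rule_base]

if __name__ == "__main__":
    print(evaluate(OUTBOUND, "10.1.2.3", "10.0.0.10", "tcp/389"))      # Accept by rule 1, one LOG event
    print(evaluate(OUTBOUND, "10.1.2.3", "203.0.113.5", "tcp/443"))    # Accept by rule 2
    print(evaluate(OUTBOUND, "10.1.2.3", "203.0.113.5", "tcp/22"))     # Drop by Cleanup Rule 3
    print(evaluate(misordered(OUTBOUND), "10.1.2.3", "10.0.0.10", "tcp/389"))  # Drop: Cleanup shadows rule 1
    print(evaluate(with_rule_disabled(OUTBOUND, 2), "10.1.2.3", "203.0.113.5", "tcp/443"))  # Drop by rule 3
```

The `misordered` and `with_rule_disabled` helpers show the two effects the page warns about: a catch-all rule placed above specific rules silently overrides them, and a disabled rule behaves as if it were absent while still being visible in the Rule Base. Note that the Cleanup Rule is the one rule here with Track set to None, following the page's advice not to log a rule that drops or accepts all traffic.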