Network Groups
A Network Group is a collection of hosts, gateways, networks, or other groups. Groups can be used to facilitate and simplify network management. When you have the same set of objects that you want to use in different places in the Rule Base, you can create a group that includes this set of objects and reuse it. Modifications are applied to the group instead of to each member of the group.
Groups are also used where SmartConsole lets you select only one object, but you need to work with more than one. For example, in the Security Gateway object > Network Management > VPN Domain > Manually defined, you can select only one object from the drop-down menu. If you want to select more than one object for your VPN Domain, you can create a group, add the required objects to the group, and select the group from the drop-down menu.
Grouping Network Objects
To create a group of network objects:
- In the Objects tree, click New > Network Group.
  The New Network Group window opens.
- Enter a name for the group.
- Set optional parameters:
  - Object comment
  - Color
  - Tag (as custom search criteria)
- For each network object you want to add, click the [+] sign and select it from the list that shows.
- Click OK.
From version R80.20.M2, you can also associate groups to a network object directly from the object editor.
To associate groups to a network object:
- Open the object editor, and go to Groups in the navigation tree.
- For each group you want to add, click the [+] sign and select it from the list that shows.
Note - From R81.20 Jumbo Hotfix Accumulator Take 26, policy verification reports an error if there is an empty Network Group in the source or destination columns of an Access Control rule. Prior to R81.20 Jumbo Hotfix Accumulator Take 26, empty Network Groups in the source or destination columns of an Access Control rule were treated as an "Any" object.
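The following is an added example, not Check Point code: an offline audit that lists Access Control rules whose source or destination column references an empty Network Group, the case the note above says was treated as "Any" before Take 26. The JSON layout, field names and object names are constructed assumptions for illustration, and the "nested-empty" category (a group that contains only empty groups) goes beyond what the note states and is flagged for manual review.

```python
import json

# Constructed sample data, not from a real environment. The layout is an
# assumed export format: a list of groups and a flat list of rules by name.
GROUPS_JSON = """[
  {"name": "grp-web", "members": ["host-web1", "host-web2"]},
  {"name": "grp-decom", "members": []},
  {"name": "grp-legacy", "members": ["grp-decom"]}
]"""
RULES_JSON = """[
  {"rule-number": 1, "source": ["Any"], "destination": ["grp-web"]},
  {"rule-number": 2, "source": ["grp-decom"], "destination": ["host-db1"]},
  {"rule-number": 3, "source": ["net-office"], "destination": ["grp-legacy"]}
]"""

def resolves_to_nothing(name, groups, seen=None):
    """True if a group contains no host/network/gateway, following nested groups."""
    if seen is None:
        seen = set()
    if name in seen:               # already checked, or circular nesting
        return True
    seen.add(name)
    for member in groups[name]:
        if member not in groups:   # a non-group object: the group is not empty
            return False
        if not resolves_to_nothing(member, groups, seen):
            return False
    return True

def audit(groups_json, rules_json):
    """Return (rule-number, column, group, kind) for each risky reference."""
    groups = {g["name"]: g["members"] for g in json.loads(groups_json)}
    findings = []
    for rule in json.loads(rules_json):
        for column in ("source", "destination"):
            for obj in rule[column]:
                if obj not in groups:
                    continue
                if not groups[obj]:
                    findings.append((rule["rule-number"], column, obj, "empty"))
                elif resolves_to_nothing(obj, groups):
                    findings.append((rule["rule-number"], column, obj, "nested-empty"))
    return findings

if __name__ == "__main__":
    for number, column, group, kind in audit(GROUPS_JSON, RULES_JSON):
        print(f"rule {number}: {column} uses {kind} group {group!r}")
```

Any rule reported as "empty" matched all sources or destinations on versions before Take 26 and fails policy verification from Take 26 onward, so review these rules before upgrading.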