Security Gateways R77.30 (and lower) and the Unified Access Control Policy

When you upgrade a Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. from R77.30 (or lower), which manages Security Gateways R77.30 (or lower), to R80.10 or higher, the existing Access Control policies are converted in this way:

• The Firewall policy is converted into the Network Policy Layer of the Access Control Policy. The implicit cleanup rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. for it is set to Drop all traffic that is not matched by any rule in this Layer.

• The Application & URL Filtering policy is converted into the Application Policy Layer Layer (set of rules) in a Security Policy. in the Access Control Policy, which is the second Layer of the Access Control Policy. The implicit cleanup rule for it is set to Accept all traffic that is not matched by any rule in this Layer.

Important - After upgrade, do not change the Action of the implicit cleanup rules, or the order of the Policy Layers. If you do, the policy installation will fail.