Indirectly, you can accomplish this. Create a group with the relevant wireless nets, then define a single rule as follows:
Source: {wireless nets} Destination: NOT {Internal nets} Service: HTTP, HTTPS Action: Allow Bear in mind that you're talking about fundamental differences in architecture between Juniper (and Cisco, for that matter) and Check Point. Juniper and Cisco use interface-centric ACLs, whereas Check Point is an object-oriented firewall. On Tue, Jan 29, 2013 at 1:09 AM, Clive Luk <cl...@sl.nsw.gov.au> wrote: > Hi all, > > I am just wondering if I can define a policy restricted by zone. As I can > see on the CP tracker there is inzone, outzone. > > I have UTM-1 with multiple interfaces. > > 1 x Internet > 1 x DMZ > 1 x Staff internal > 1 x Wireless > 1 x Public internal > > I am wondering if I can have a policy define to allow all wireless to > access internet and DMZ via http and https but not to other interface. > > I have seen a juniper firewall can define policy base on zone. > > > Cheers, > Clive > > Email secured by Check Point > > ==============================**=================== > To set vacation, Out-Of-Office, or away messages, > send an email to > lists...@amadeus.us.**checkpoint.com<lists...@amadeus.us.checkpoint.com> > in the BODY of the email add: > set fw-1-mailinglist nomail > ==============================**=================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/**services/mailing.html<http://www.checkpoint.com/services/mailing.html> > ==============================**=================== > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com > ==============================**=================== > > Email secured by Check Point > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================