Mohamed,
No worries, mate. Here goes:
If you look into the Policy->Properties menu on the toolbar, you
will see an enforce on interface direction option. This allows you to
set a particular behavior as a global policy, that is,
External-net->fw-IF->Inbound-Check->Route-Nat->outbound-Check->internal-net
(internal and external are relative to the source of transmission)
So, Eitherbound uses both policy checks, validating that even users on
the firewall box will have the relevant policy applied
Inbound prevents hacks to the firewall by checking packets before
they arrive at the IP stack
Outbound only checks packets after they have passed routing.
These options were instituted in the days of low processor capability,
but because of large enterprise customers who had learned to deal with
behavior of NAT with regard to these rules, check point apparently left
them in.
Now to your question:
If you manually specify and install-on target such as "ClusterobjectA",
the rules will automatically be enforced Eitherbound
If you specify Destination, this will have policy enforced on the
inbound direction, and Source will refer to the outbound.
You can contact me in a private email should you desire more
clarification.
Cheers,
CT
Mohamed Maraikayar wrote:
> this may be an elementary question,but i am helpless now.In checkpoint rule
>base,What is the difference between Install on source,destination or routers or
>gateways? i read the secadmin pdf of checkpoint, but coudlnt understand the
>differnce.i have ,by default choose install on gateways.but if we give install on
>source,all outbound connections from that source is checked.the prime objective is
>also achieved when we give install on gateways.could anyone clear me with simple
>words ?
> thanks
> mohamed.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
