Sunday, September 25, 2016

Checkpoint Rule Processing Order

Rule Processing Order

The rule base is processed in order. However, other things happen in the security policy besides checking your defined rules. This is the order of operations:
  1. Anti-spoofing checks
  2. Rule base
  3. Network Address Translation
When you take into account the FireWall-1 global properties, you end up with the following order:
  1. Anti-spoofing checks
  2. "First" Implicit Rules
  3. Explicit Rules (except for the final rule)
  4. "Before Last" Implicit Rules
  5. Last Explicit Rule (should be cleanup rule)
  6. "Last" Implicit Rules
  7. Network Address Translation

No comments:

Post a Comment