Support Center > Search Results > SecureKnowledge Details
How to completely disable FireWall Implied Rules
Solution

Check Point does not support replacing implied rules with explicit rules.

Warning: If the predefined implied rules are disabled, policy installation could fail on managed Security Gateways, even if explicit rules are defined in place of the predefined implied rules.

Important Note: If you choose to disable all Implied Rules, you will need to manually configure the explicit rules required for the proper operation and communication of managed Security Gateways with the Security Management Server.

In specific circumstances, Check Point Support can recommend to modify the predefined implied rules.

 

All predefined FireWall Implied Rules can be disabled in SmartConsole / SmartDashboard:

  • In SmartConsole R8x

    1. Go to the Application menu - click on the Global properties...
    2. Go to the FireWall pane
  • In SmartDashboard R7x

    1. Go to the Policy menu - click on the Global Properties...
    2. Go to the FireWall pane

However, enabling certain features (e.g., Clientless VPN) will enable certain Implied Rules that cannot be disabled in SmartConsole / SmartDashboard.

 

Caution:

  • It is strongly recommended that you make a complete backup / snapshot, prior to making any changes.
  • Always make these changes during a scheduled downtime.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment