Check Point R80 Cheat Sheet
techblog.esc.de
R80.10 Inline Layers
| Introduction |
|---|
| In R80.10 you have the option to structure the Policy by using the Inline Layer function, so you can add sub-rules to an existing rule. If the rule is matched, the inspection continues in this sub-policy. If the rule is not matched, the sub-policy is skipped. You can also create a more general sub-policy, so you can use it on other rules. |
| Add an Inline Layer: 'Manage policies and layers' |
|---|
 |
| This option is useful if you want to use one sub-policy for more than one rule. In the upper right corner click Menu > Manage policies and layers... > Layers > New Layer... You can also press Ctrl + O to open the Manage policies and layers window. |
| Adding an Inline Layer through the rulebase |
|---|
 |
| This option is useful if you want a specific sub-policy for one rule. In Security Policies > Access Control > Policy click the Action column of a rule and choose Inline Layer > New Layer. |
| Manage policies and layers |
|---|
 |
| Here you can manage, export, and view the history of different layers and Inline Layers of your policy. Inline Layers that you have not explicitly shared will not be displayed, as long as you not uncheck the Show only shared layers in the upper right corner. |
| Editing Inline layers with the Layer Editor |
|---|
 |
| You can access the Layer Editor for a specific Inline Layer by clicking on the Action column of a rule or through Manage policies and layers. Here you can edit common properties like name, color and description, but also more important settings like the usage of Blades, the multiple usage, the Proxy Configuration and the (access-)permissions of this layer. |
| Adding sub-rules to the sub-policy |
|---|
 |
| After successfully creating an Inline Layer you can add sub-rules to the sub-policy by selecting the automaticly created cleanup rule and click on Add rule above button. Or, if you have created the layer through Manage policies and layers, you can open it in a new tab there. Then you can proceed as normal. You can also add sub-policies to sub-rules to achive an even granular and complex rulebase. It is possible to create up to 5 nestings. |
R80.10 Concurrent Administration
| Introduction |
|---|
| In R80.10 you can have several administrators login to one Security Management Server with write privileges. They can simultaniously edit different objects and rulebases. It is possible to edit different rules in one layer, but it can lead to conflicts if one publishes and installs his editings and the other publishes his editings, if the editings cause dependencies. |
| Appearance |
|---|
 |
| If a rule or a object is edited by an administrator it is locked for other administrators. There is a Pencil-Icon for the editor and a Lock-Icon for the other administrators in the "No."-column of the rulebase and on the icon of the edited object. Locked objects and rules will be opened with read-only privileges. In the Blade setting there will be shown a pop-up notification. |
| Session Information |
|---|
 |
| In the lower right corner of the Smart Console you can see the number of draft changes, the current user and the number of connected administrators(click for further information). |