You are working with multiple firewalls that have extensive Rule Bases. To simplify administration tasks, which of the following should you choose to do?
A. Create Network range objects that restrict all applicable rules to only certain networks.
B. Run separate GUI clients for external and internal firewalls.
C. Eliminate all possible contradictory rules such as stealth and clean-up rules.
D. Save a different Rule Base for each remote firewall.
E. None of the above.
Explanation:
This is one of the best practices recommended by Check Point engineers. If you have a large number of entries in your Rule Base for multiple remote firewalls, you can keep one Rule Base for each remote firewall, which simplifies administration for each of them.
Incorrect Answers:
A: This is not recommended because you could have hosts in one network sending packets through multiple firewall modules, so you don’t need to manipulate Network Range objects.
B: Check Point is trying to make its products as consolidated as possible by putting all the components in the same console, as is the case with the Policy Editor, which includes the “Object Tree”, “Visual Policy Editor” and “Security Policy Editor” in the same console.
C: This is not an option because these rules are often necessary to comply with business requirements, and they are best practices too.
E: This is incorrect because answer D is the only valid choice.