For most installations, the Clean-Up rule should be the last rule in Rule Base.
A.
True
B.
False
Explanation:
this is an absolute truth for Checkpoint firewall implementations, since the cleanup rule drops all
the traffic without making any logging, it should always be the last entry in the rulebase because
any packets that gets through or to the firewall is dropped at the inspection engine before getting
to the Network layer at the OSI model.
Incorrect Answers:
B: This is one of the basics, the clean up rule should always be the last rule in the rulebase of the
installed policy.