Error - View Single Post

**ps3cheats** · 25-Mar-2007, 11:20 PM

"is it not secure to leave this option checked"? Depends on the level of risk you are willing to take. It's probably best to uncheck this, but then you have to manually add rules to allow things like sending logs to a log server or policy gets from the enforcement module to the management server. It is also useful to leave this on for troubleshooting issues.

What "Before Last" means is that this rule is applied before the last rule in your firewall policy (usually a "drop all" rule). Other options are "first" and "last" which means apply rule before all other rules or after all other rules.

If you want the global policies to be logged then there is an option to log implied rules in the global policies setting.

Cheers

25-Mar-2007, 11:20 PM	#2 (permalink)
ps3cheats Fixed Error! Posts: 1,497 Join Date: Mar 2007 Rep Power: 3 IM:	Re: Checkpoint Enforcement Module prb "is it not secure to leave this option checked"? Depends on the level of risk you are willing to take. It's probably best to uncheck this, but then you have to manually add rules to allow things like sending logs to a log server or policy gets from the enforcement module to the management server. It is also useful to leave this on for troubleshooting issues. What "Before Last" means is that this rule is applied before the last rule in your firewall policy (usually a "drop all" rule). Other options are "first" and "last" which means apply rule before all other rules or after all other rules. If you want the global policies to be logged then there is an option to log implied rules in the global policies setting. Cheers