Thursday, November 10, 2011

Why does the cleanup rule need to be added explicitly in the Check Point SmartDashboard?

Why do we need to write a Cleanup rule? By default the firewall will drop packets anyway if no rule matches.
* A Cleanup rule is required to drop all traffic that did not match any of the other rules (evaluated from top to bottom). There is, however, an implied rule in Check Point that performs the same action of dropping packets when no rule matches (as you mentioned), but logging is not enabled for this implied rule.

Normally, and as best practice, administrators add the Cleanup rule explicitly in order to log the traffic that is being dropped. This makes us aware of the dropped traffic, which might be an attack or legitimate traffic for which access has not yet been allowed; either way, the log is useful for troubleshooting and attack analysis.
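The behaviour described above can be seen in a small simulation. The following is an added example, not code from the original post or from Check Point: a first-match rulebase evaluator in which unmatched traffic falls through to an unlogged implied drop, plus a check that confirms whether the rulebase ends in an any/any logged drop. All rule names, addresses and packets are constructed for illustration.

```python
# Added example (not from the original post): a first-match rulebase evaluator
# showing why an explicit, logged Cleanup rule is added even though the implied
# rule already drops unmatched traffic. Rules, hosts and packets are constructed;
# nothing here is Check Point's own code or API.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    service: Optional[int]   # destination port, or None for any
    action: str              # "accept" or "drop"
    log: bool                # whether a hit on this rule is logged


def _net_match(cidr: str, ip: str) -> bool:
    """'any' matches everything; otherwise the address must fall in the CIDR."""
    return cidr == "any" or ip_address(ip) in ip_network(cidr, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (_net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and (rule.service is None or rule.service == pkt.dport))


class Rulebase:
    """Top-to-bottom, first-match evaluation with an unlogged implied drop."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.log: List[str] = []

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        for rule in self.rules:
            if rule_matches(rule, pkt):
                if rule.log:
                    self.log.append(f"{rule.name}: {rule.action} {pkt.proto} "
                                    f"{pkt.src} -> {pkt.dst}:{pkt.dport}")
                return rule.action, rule.name
        # Nothing matched: the implied rule drops the packet but writes no log.
        return "drop", "implied"


# Constructed Cleanup rule: any/any, drop, logged, placed last.
CLEANUP = Rule("Cleanup", "any", "any", None, "drop", True)

# Constructed explicit rules for a small DMZ.
BASE_RULES = [
    Rule("Web to DMZ", "any", "192.0.2.0/24", 443, "accept", True),
    Rule("DNS out", "10.0.0.0/8", "any", 53, "accept", False),
]

# Constructed traffic: one permitted flow and one probe that matches no rule.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "192.0.2.10", 443),
    Packet("198.51.100.7", "192.0.2.10", 22),   # SSH attempt nobody allowed
]


def has_cleanup_rule(rules: List[Rule]) -> bool:
    """Rulebase check: does the last rule drop any/any and log the hit?"""
    if not rules:
        return False
    last = rules[-1]
    return (last.src == "any" and last.dst == "any" and last.service is None
            and last.action == "drop" and last.log)


def drops_logged(rules: List[Rule], packets: List[Packet]) -> Tuple[int, int]:
    """Evaluate packets; return (packets dropped, drops that produced a log line)."""
    rb = Rulebase(rules)
    dropped = sum(1 for pkt in packets if rb.evaluate(pkt)[0] == "drop")
    logged_drops = sum(1 for line in rb.log if ": drop " in line)
    return dropped, logged_drops


if __name__ == "__main__":
    for label, rules in (("without cleanup", BASE_RULES),
                         ("with cleanup", BASE_RULES + [CLEANUP])):
        print(label, has_cleanup_rule(rules), drops_logged(rules, SAMPLE_PACKETS))
```

Run stand-alone, the script shows the same packet being dropped in both rulebases, but only the rulebase ending in the Cleanup rule leaves a log entry for the drop; `has_cleanup_rule` is the kind of check that can be run against an exported rulebase to confirm the logged any/any drop is really the last rule.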
