User guide

Using Rules

400 Check Point Safe@Office User Guide

Using Rules

The Safe@Office appliance checks the protocol used, the ports range, and the destination

IP address, when deciding whether to allow or block traffic.

User-defined rules have priority over the default security policy rules and provide you with

greater flexibility in defining and customizing your security policy.

For example, if you assign your company’s accounting department to the LAN network

and the rest of the company to the DMZ network, then as a result of the default security

policy rules, the accounting department will be able to connect to all company computers,

while the rest of the employees will not be able to access any sensitive information on the

accounting department computers. You can override the default security policy rules, by

creating firewall rules that allow specific DMZ computers (such a manager’s computer) to

connect to the LAN network and the accounting department.

The Safe@Office appliance processes user-defined rules in the order they appear in the

Rules table, so that rule 1 is applied before rule 2, and so on. This enables you to define

exceptions to rules, by placing the exceptions higher up in the Rules table.