I'm managing some firewalls for our corporate LAN and I'm trying to optimize the current rulebase in order to have better performance and simplify the management task.
Currently we have 4 different firewalls (Checkpoint NG with AI): 2 for perimeter security and the other 2 for intranet security, and we are using a total of 85 rules (some of them are applied only to specific firewalls while others are applied to all the systems). All this is managed from a central Management console.
I'd like to know how Checkpoint works through the rulebase. I already know that the rules are checked sequentially until a rule is matched, but I need more information to fine-tune this process.
1) Is it possible/advisable to define different policy packages for different firewalls and work with them separately?
2) Does a firewall receive a policy containing only the rules referring to it, or every policy defined, and then it checks only its rules?
3) Is it better to have one big rule grouping a lot of hosts, networks and services, or a larger number of simple rules (with few objects for each one)?
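As an added illustration, not part of the question above or of any Check Point documentation, the following Python model shows the sequential first-match evaluation the poster refers to and how rule order changes the number of rules consulted per connection. The rulebase, the traffic sample and the rule names are all constructed for the example; the model is a generic first-match engine, not a description of Check Point internals. It also includes the check a practitioner would want before reordering a real rulebase: confirming that every sample connection still gets the same action, since moving rules that overlap can silently change the decision.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple

# A service is (protocol, destination port); ("any", 0) is a wildcard.
Service = Tuple[str, int]


@dataclass
class Rule:
    name: str
    src: List          # list of ip_network objects
    dst: List          # list of ip_network objects
    services: List[Service]
    action: str        # "accept" or "drop"


def rule_matches(rule: Rule, pkt: dict) -> bool:
    """True when source, destination and service all match this rule."""
    s, d = ip_address(pkt["src"]), ip_address(pkt["dst"])
    if not any(s in net for net in rule.src):
        return False
    if not any(d in net for net in rule.dst):
        return False
    return any(svc == ("any", 0) or svc == (pkt["proto"], pkt["dport"])
               for svc in rule.services)


def evaluate(rulebase: List[Rule], pkt: dict):
    """First-match evaluation: returns (action, rule name, rules consulted)."""
    for position, rule in enumerate(rulebase, start=1):
        if rule_matches(rule, pkt):
            return rule.action, rule.name, position
    # No explicit match: implicit drop after consulting every rule.
    return "drop", "implicit drop", len(rulebase)


def rules_consulted(rulebase: List[Rule], traffic: List[dict]) -> int:
    """Total number of rule comparisons needed to decide the whole sample."""
    return sum(evaluate(rulebase, p)[2] for p in traffic)


def same_decisions(a: List[Rule], b: List[Rule], traffic: List[dict]) -> bool:
    """Safety check before reordering: both orders must yield the same action."""
    return all(evaluate(a, p)[0] == evaluate(b, p)[0] for p in traffic)


# Constructed rulebase (hypothetical names and addresses, not from the post).
MGMT_SSH = Rule("mgmt-ssh", [ip_network("10.0.0.0/24")], [ip_network("10.1.0.0/24")],
                [("tcp", 22)], "accept")
DNS = Rule("dns", [ip_network("10.0.0.0/8")], [ip_network("10.1.0.53/32")],
           [("udp", 53)], "accept")
WEB = Rule("web", [ip_network("10.0.0.0/8")], [ip_network("192.0.2.0/24")],
           [("tcp", 80), ("tcp", 443)], "accept")
CLEANUP = Rule("cleanup", [ip_network("0.0.0.0/0")], [ip_network("0.0.0.0/0")],
               [("any", 0)], "drop")

RULEBASE_A = [MGMT_SSH, DNS, WEB, CLEANUP]   # frequent web traffic matched last
RULEBASE_B = [WEB, MGMT_SSH, DNS, CLEANUP]   # frequent web traffic matched first

# Constructed traffic sample: mostly web, a little SSH and DNS, one unmatched flow.
TRAFFIC = (
    [{"src": "10.0.5.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 443}] * 8
    + [{"src": "10.0.0.9", "dst": "10.1.0.5", "proto": "tcp", "dport": 22}]
    + [{"src": "10.0.5.7", "dst": "10.1.0.53", "proto": "udp", "dport": 53}]
    + [{"src": "10.0.5.7", "dst": "198.51.100.9", "proto": "tcp", "dport": 25}]
)

if __name__ == "__main__":
    for label, rb in (("A", RULEBASE_A), ("B", RULEBASE_B)):
        print(f"order {label}: {rules_consulted(rb, TRAFFIC)} rule checks")
    print("same decisions:", same_decisions(RULEBASE_A, RULEBASE_B, TRAFFIC))
```

With the sample above, order A consults 31 rules in total and order B consults 17, while `same_decisions` confirms the reordering is safe for every sampled connection; a real rulebase would be fed by connection logs rather than a constructed list, and the same check should be run before and after any merge or reorder.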