---
title: "Firewall"
slug: "firewall"
updated: 2026-04-07T09:05:20Z
published: 2026-04-07T09:05:20Z
canonical: "support.perimeter81.com/firewall"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Firewall

The **Firewall** page allows you to create access rules for your network.

To view the **Firewall** page, access the Check Point SASE Administrator Portal and click **Private Access** > **Firewall**.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/MicrosoftTeams-image%20(8).png)

Note - Contact your account manager to request firewall logging functionality. 

## Use Case

Create rules for specific user groups, resources, and protocols. For example, deny access to the management user group to a certain resource if accessed through the Internet Control Message Protocol (ICMP).

Create a comprehensive rule for the entire network traffic. For example, block all traffic on a specific port.

## Prerequisite

Define your network with IPSec or Check Point SASE Connector tunnel. See [Networks Overview](https://support.perimeter81.com/docs/360023404854-how-to-modify-your-network).

## Access Rules Order

The order of the rules indicate the sequence in which the system checks and applies the rules. For example, if a user tries to access a resource, then the system first checks if the traffic matches rule #1. If it does, it applies the rule. Otherwise, the system checks if the traffic matches rule #2, and so on. If none of the rules match, then the system applies the default rule.

## Creating a Firewall Access Rule

1. Access the Check Point SASE Administrator Portal and click **Networks**.
2. Select the network for which you want to create firewall access rules.
3. Click the more icon (**...**) and then click **Firewall Rules**.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/MicrosoftTeams-image%20(9).png) The **Firewall** page appears.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/MicrosoftTeams-image%20(10).png)
4. Click **Add Rule**.  
The system places the new rule at the top, and it is enabled by default.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/MicrosoftTeams-image%20(11)(1).png)
5. In the **Name** field, enter a name that describes the rule.
6. From the **Action**list, select the action type:
  - **Allow**
  - **Deny**
7. In the **Source** field, click **Add Source** and select the traffic source for this rule.
8. In the **Destination** field, click **Add Destination**and select the traffic destination for this rule.Note:The **So****urce**and **Destination** define the conditions for the **Action** to be applied to the traffic.  
You can specify three types of objects in the **Source** and **Destination**fields:

  - **Any** - All traffic (any address or member).
  - **Groups or Members** - All traffic routed from/to a specific member or member group.
  - **Addresses** - Traffic routed from/to an FQDN, IP address, subnet, or list of IP addresses.
9. In the **Service**field, select one of these:
  - **A****ny** - Traffic routed on all protocols and ports.
  - **Services** - Traffic routed on a specific protocol or port.
10. Drag the rule and place it in required position in the order.
11. Click **Apply Changes**.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/MicrosoftTeams-image%20(12).png)
12. Click **Ap****ply**.

## Enabling or Disabling Firewall Logs

1. Access the Check Point SASE Administrator Portal and go to **Private Access** > **Firew****all**.
2. From the **Logs** list, for the network you want to enable or disable blocked firewall logs, select one of these:
  - **Enable**- On
  - **Disable**- Off  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/EnableDisable.PNG)

Notes - 

- To enable firewall logs, contact [Check Point support](https://www.checkpoint.com/support-services/contact-support/).
- To view the logged events, do either of these:
  - Go to **Monitor & Logs** > **Security Events**. ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/SecurityEvents_Overview(1).png)
  - Access the **Infinity Events** Administrator Portal, and click **Logs**. ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/InfinityEvents.PNG)