Managing FaaS


Understanding FaaS

Firewall as a Service (FWaaS) provides an application-centric approach, ensuring swift and secure application delivery.

It is effective for scaling security in a digital-first environment and delivers a consistent set of protections everywhere.

Rules listed at the top of the Firewall rules override those listed below.

To illustrate this, consider the following example: 

When user traffic tries to go out through the Harmony SASE network, the system first checks whether it matches rule #1.

  • If it does, the traffic is allowed. If not, rule #2 is checked.
  • If the traffic matches rule #2, it is allowed. If not, rule #3 is checked.
  • If the traffic matches rule #3, it is blocked.
  • If none of the rules match, the traffic is either Dropped or Accepted according to the default policy on the Network.


How to Create a Rule

The Firewall policy for a network is a list of Rules that defines the access and traffic routing policies. You can create multiple rules that will apply specific policies for specific User Groups, Resources, and Protocols, as well as comprehensive policies that will be used for the entire Network traffic (i.e., block all traffic on a specific port).

To create a new Rule:

  1. Navigate to Networks -> Firewall
  2. Click on (+) Add New Rule
  3. Select the Network where the Rule should be added
  4. Provide an indicative Name
  5. Select the Action type
  6. Add Source and Destination Objects the Rule will apply to
  7. Add Services the Rule will apply to

The Source and Destination define the conditions for the Action to be applied to the traffic.

Three types of Objects can be used in the Source and Destination conditions:

Any - All traffic (any address or user).

Groups or Members - All traffic routed from/to a specific Member or Users Group.

Addresses - Traffic routed from/to an FQDN, IP Address, Subnet, or List of IPs.

For services, there are two types:

Any - All traffic on all protocols and ports.

Services - Traffic routed on a specific Protocol or Ports.

8. Drag the new Rule to the proper Priority (#).

9. Click on Apply Changes.
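The top-down, first-match evaluation described earlier and the effect of a Rule's Priority position can be modelled offline. The following is an added example, not Harmony SASE code: it evaluates traffic against an ordered rule list with a default policy, and reports rules that can never fire because a higher rule already covers them. The `Rule` structure, group names, addresses and the `proto/port` service strings are assumptions made for illustration; FQDNs and IP lists are not modelled.

```python
import ipaddress
from collections import namedtuple

# Hypothetical model of a Rule: Action plus Source, Destination and Service.
Rule = namedtuple("Rule", "name action source destination service")
ANY = "Any"

def _net(obj):
    try:
        return ipaddress.ip_network(obj, strict=False)
    except ValueError:
        return None  # group names and "proto/port" strings are not networks

def covers(obj, value):
    """True if a rule object (Any, group, address/subnet, service) includes value."""
    if obj == ANY:
        return True
    outer, inner = _net(obj), _net(value)
    if outer is not None and inner is not None:
        return outer.version == inner.version and inner.subnet_of(outer)
    return obj == value

def _hits(rule, src, dst, svc):
    return covers(rule.source, src) and covers(rule.destination, dst) and covers(rule.service, svc)

def evaluate(rules, default_policy, src, dst, svc):
    """Top-down, first match wins; otherwise the Network default policy applies."""
    for priority, rule in enumerate(rules, start=1):
        if _hits(rule, src, dst, svc):
            return rule.action, priority
    return default_policy, None

def shadowed(rules):
    """(lower, higher) pairs where a higher rule covers everything the lower one matches."""
    pairs = []
    for i, low in enumerate(rules):
        for high in rules[:i]:
            if _hits(high, low.source, low.destination, low.service):
                pairs.append((low.name, high.name))
                break
    return pairs

# Constructed sample policy; names, groups and addresses are illustrative.
RULES = [
    Rule("eng-to-apps", "Allow", "Engineering", "10.0.5.0/24", "tcp/443"),
    Rule("all-to-dns", "Allow", ANY, "10.0.0.53", "udp/53"),
    Rule("block-ssh", "Block", ANY, ANY, "tcp/22"),
    Rule("allow-admin-ssh", "Allow", "Admins", "10.0.9.10", "tcp/22"),  # placed too low
]
```

Running `shadowed(RULES)` flags `allow-admin-ssh` as unreachable behind `block-ssh`; moving it above the block rule makes it take effect, which is what dragging a Rule to the proper Priority accomplishes.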


Recommendations

  • Always keep track of the rules you add to FWaaS to ensure network security.
  • Regularly review your FWaaS settings for the best application delivery and security consistency.
  • Review Addresses & Services

Troubleshooting

If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

Support Contacts

If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at sase.checkpoint.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.