CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

Thread: Clean up rule in Application Control & Url filtering layer

  1. #1

    Clean up rule in Application Control & URL filtering layer

    Hello.

    1.
    I was wondering whether it is possible to define that the Application Control & URL filtering layer handles only http(s) protocols and nothing else?

    The reason I am asking is the following:

    As part of my network policy I want to allow pings from Inside LAN to Any.
    As part of my App & URL filtering policy (ordered layer) my clean up rule is the default one, which is From Any to Any Deny.

    With that policy, if I try to ping 1.1.1.1 from a computer which resides on the inside, then I get blocked by the Clean Up rule of the Application Control & URL filtering layer.

    Why do I need to define the same rule again in the Application layer, i.e. Allow pings from Inside LAN to Any, in order for this to work?


    2. What's the best practice with regard to the Clean Up Rule in an App & URL filtering policy?

    Thanks in advance.

  2. #2

    Re: Clean up rule in Application Control & URL filtering layer

    1.) ALL traffic that gets passed by the Firewall Blade is handed off to Application Control/URL Filtering, not just HTTP/HTTPS, in R77.30. With R80.10, if you keep AppCtrl/URL as an ordered layer, you get the same behaviour. This is by design, as many of the applications aren't HTTP/HTTPS related.

    If you just want AppCtrl/URL to handle HTTP/HTTPS, then you need to use R80.x and an inline layer to call AppCtrl/URL, as opposed to an ordered layer. In the rule calling the layer, permit only http/https as the Services, so that only http/https traffic matching that rule gets passed to the inline layer.

    You have to have the rule because ALL traffic is passed to the ordered layer: your clean up rule of Any Any Block will match the ICMP traffic, and so it drops on the AppCtrl/URL clean up rule that you have.

    Whenever you use Any Any Deny on the AppCtrl policy when it is an ordered layer, you basically end up replicating your Firewall Blade into the AppCtrl/URL policy as well.



    2.) In terms of AppCtrl/URL, the last action, as always stated to me by Check Point, is to permit.

    AppCtrl should be structured as follows (according to everything Check Point told me):


    A.) Resources that everyone should have access to, but which may be blocked lower down in terms of categories.

    B.) Conditional access rules, in pairs: an Access Role rule permitting access to resources, then a rule underneath denying access to the same resources.

    C.) Resources that nobody should access, typically categories, which is why you may need rules permitting access to specific apps within a category that you don't want accessed generally. E.g. in A you would have OneDrive if you want to permit sharing via OneDrive, and then in C you would block File Storage and Sharing. This would allow access to OneDrive but block other File Storage and Sharing applications.

    D.) Clean up rule that permits any recognised application not already blocked.
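
To make both points from the reply above concrete (why an ordered AppCtrl/URL layer with an Any/Any Drop clean up catches the ping, and how the A-D structure with a permit at the bottom behaves), here is a small Python model of layer matching. It is an added illustration written for this thread, not Check Point code, and it does not use the management API or talk to a gateway. The network, role and application names (Inside_LAN, Marketing, OneDrive, Dropbox, Facebook) are constructed for the example, and the matching semantics are the simplified ones the reply describes: every ordered layer must accept the packet, an inline layer is only entered when the rule calling it matches, and a layer with no matching rule drops.

```python
"""Toy model of Check Point R80.x policy-layer evaluation: ordered layers
versus an inline layer. Added illustration for this thread, not Check Point
code; all object names are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ANY = "Any"


@dataclass
class Packet:
    src: str                      # source network (constructed name)
    dst: str
    svc: str                      # transport service: icmp, http, https, ...
    app: str = "-"                # application identified by AppCtrl, "-" if none
    category: str = "-"           # category of that application, "-" if none
    roles: Tuple[str, ...] = ()   # Identity Awareness access roles of the user


@dataclass
class Rule:
    name: str
    src: str = ANY                # network name, access role name, or Any
    dst: str = ANY
    svcs: Tuple[str, ...] = (ANY,)
    app: str = ANY                # application or category name, or Any
    action: str = "Accept"        # Accept | Drop | Apply Layer
    inline: Optional[Layer] = None   # sub-rulebase used when action is Apply Layer

    def matches(self, p: Packet) -> bool:
        src_ok = self.src in (ANY, p.src) or self.src in p.roles
        dst_ok = self.dst in (ANY, p.dst)
        svc_ok = ANY in self.svcs or p.svc in self.svcs
        # The application column matches either the identified app or its category.
        app_ok = self.app in (ANY, p.app, p.category)
        return src_ok and dst_ok and svc_ok and app_ok


@dataclass
class Layer:
    name: str
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, p: Packet) -> Tuple[str, str]:
        """First matching rule wins. Returns (action, 'layer/rule')."""
        for r in self.rules:
            if not r.matches(p):
                continue
            if r.action == "Apply Layer":
                return r.inline.evaluate(p)       # only web traffic gets here
            return r.action, f"{self.name}/{r.name}"
        # No explicit clean up rule matched: the layer's implicit clean up drops.
        return "Drop", f"{self.name}/implicit cleanup"


def evaluate_policy(ordered: List[Layer], p: Packet) -> Tuple[str, str]:
    """Ordered layers: the packet must be accepted by every layer in turn;
    the first layer that drops it decides the verdict."""
    verdict = ("Accept", "")
    for layer in ordered:
        verdict = layer.evaluate(p)
        if verdict[0] == "Drop":
            return verdict
    return verdict


# App/URL rulebase structured A-D as in the reply (constructed names).
APP_URL = Layer("AppURL", [
    Rule("A: allow OneDrive", app="OneDrive"),                   # allow above the category block
    Rule("B: Marketing may use Facebook", src="Marketing", app="Facebook"),
    Rule("B: everyone else Facebook", app="Facebook", action="Drop"),
    Rule("C: block file sharing", app="File Storage and Sharing", action="Drop"),
    Rule("D: cleanup", action="Accept"),                         # permit what is not blocked
])

# The poster's setup: AppCtrl/URL as an ordered layer with an Any Any Drop clean up.
NETWORK = Layer("Network", [
    Rule("allow ping", src="Inside_LAN", svcs=("icmp",)),
    Rule("cleanup", action="Drop"),
])
ORDERED_POLICY = [NETWORK, Layer("AppURL", [Rule("cleanup", action="Drop")])]

# The suggested fix: one layer whose web rule hands only http/https to the inline layer.
INLINE_POLICY = [Layer("Network", [
    Rule("allow ping", src="Inside_LAN", svcs=("icmp",)),
    Rule("web", src="Inside_LAN", svcs=("http", "https"), action="Apply Layer", inline=APP_URL),
    Rule("cleanup", action="Drop"),
])]

PING = Packet("Inside_LAN", "1.1.1.1", "icmp")

if __name__ == "__main__":
    print("ping, ordered layers:", evaluate_policy(ORDERED_POLICY, PING))
    print("ping, inline layer:  ", evaluate_policy(INLINE_POLICY, PING))
    dropbox = Packet("Inside_LAN", "web", "https", "Dropbox", "File Storage and Sharing")
    print("Dropbox over https:  ", evaluate_policy(INLINE_POLICY, dropbox))
```

Running it shows the ping being dropped by AppURL/cleanup in the ordered policy but accepted by Network/allow ping in the inline policy, because ICMP never matches the http/https rule that calls the inline layer. The OneDrive/Dropbox pair shows why the explicit allow in A has to sit above the category block in C.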
