https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-and-url-filtering-rules/m-p/100151#M10285 <P>In an ordered layer scenario the HTTPS/HTTP traffic would need to be accepted first.</P> <P>Refer also:</P> <P><A href="https://community.checkpoint.com/t5/Policy-Management/Policy-Layers-in-R80-x/td-p/1717" target="_blank">https://community.checkpoint.com/t5/Policy-Management/Policy-Layers-in-R80-x/td-p/1717</A></P> Mon, 26 Oct 2020 13:20:25 GMT Chris_Atkinson 2020-10-26T13:20:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-and-url-filtering-rules/m-p/100134#M10283 <P>Hi All</P><P>I have a quick question when using App control and url filtering on the firewall.</P><P>Under the application control layer, for example if I add facebook, is that all I need to do?&nbsp;</P><P>Under the security blade, would I need to create a rule for the internet to anywhere on 80/443 first? or would the app rule do this for me?</P><P>cheers</P> Mon, 26 Oct 2020 11:32:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-and-url-filtering-rules/m-p/100134#M10283 carl_t 2020-10-26T11:32:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-and-url-filtering-rules/m-p/100149#M10284 <P>What are you trying to do?&nbsp; Give access to FB to only a group of people?&nbsp; Block Facebook?&nbsp; Remove the option for uploads?&nbsp; There are a lot of options depending on what you are trying to accomplish.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Facebook apps.png" style="width: 609px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8628iD1C4D066A9666701/image-dimensions/609x647?v=v2" width="609" height="647" role="button" title="Facebook apps.png" alt="Facebook apps.png" /></span></P> <P>If you already have an internet outbound rule towards the internet, it then look at the App/URL blade after that accept.&nbsp; So yes 80/443 would the absolute least required but as you see in screenshot, sometimes it will be other ports needed..</P> Mon, 26 Oct 2020 13:15:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-and-url-filtering-rules/m-p/100149#M10284 AlejandroH 2020-10-26T13:15:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-and-url-filtering-rules/m-p/100151#M10285 <P>In an ordered layer scenario the HTTPS/HTTP traffic would need to be accepted first.</P> <P>Refer also:</P> <P><A href="https://community.checkpoint.com/t5/Policy-Management/Policy-Layers-in-R80-x/td-p/1717" target="_blank">https://community.checkpoint.com/t5/Policy-Management/Policy-Layers-in-R80-x/td-p/1717</A></P> Mon, 26 Oct 2020 13:20:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-control-and-url-filtering-rules/m-p/100151#M10285 Chris_Atkinson 2020-10-26T13:20:25Z