https://community.checkpoint.com/t5/Firewall-and-Security-Management/Asset-amp-Anomaly-Detection-APCL-logging/m-p/86481#M11188 <P>Hey guys,</P><P>&nbsp;</P><P>I just need some tips in order to start with an IoT deployment.</P><P>I need to gain informations about network traffic/protocol and app that are used in a specific environment.</P><P>Traffic is passing through R80.20 cluster.</P><P>The goal is to provide a better security for network traffic related to&nbsp;<SPAN>air conditioning systems/video surveillance systems.</SPAN></P><P>&nbsp;</P><P><SPAN>Tried first to enable an ordered layer to log the application traffic with a rule :</SPAN></P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Annotazione 2020-05-27 150749.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6258i073DDE11ACD9C555/image-size/large?v=v2&amp;px=999" role="button" title="Annotazione 2020-05-27 150749.png" alt="Annotazione 2020-05-27 150749.png" /></span></SPAN></P><P><SPAN>For now it seems the firewall is only able to log "ICMP Proto" application.</SPAN></P><P><SPAN>So I'm assuming the layer is working properly and the app control is working properly as well.</SPAN></P><P>&nbsp;</P><P>By the way do you have any idea/tips?</P><P>Do you think that an AAD Management on a dedicated machine will help?</P><P>I was trying to to imagine a scenario where we configure a span port on the core switch in order to forward the traffic to AAD.</P><P>Do you think is it possible and is it a good idea in order to gain visibility?</P><P>&nbsp;</P><P>Let me know guys I hope someone can share his experience in this area.</P><P>&nbsp;</P><P>Thanks in advance</P><P>D!Z</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 27 May 2020 13:16:54 GMT TheRealDiZ 2020-05-27T13:16:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Asset-amp-Anomaly-Detection-APCL-logging/m-p/86481#M11188 <P>Hey guys,</P><P>&nbsp;</P><P>I just need some tips in order to start with an IoT deployment.</P><P>I need to gain informations about network traffic/protocol and app that are used in a specific environment.</P><P>Traffic is passing through R80.20 cluster.</P><P>The goal is to provide a better security for network traffic related to&nbsp;<SPAN>air conditioning systems/video surveillance systems.</SPAN></P><P>&nbsp;</P><P><SPAN>Tried first to enable an ordered layer to log the application traffic with a rule :</SPAN></P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Annotazione 2020-05-27 150749.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6258i073DDE11ACD9C555/image-size/large?v=v2&amp;px=999" role="button" title="Annotazione 2020-05-27 150749.png" alt="Annotazione 2020-05-27 150749.png" /></span></SPAN></P><P><SPAN>For now it seems the firewall is only able to log "ICMP Proto" application.</SPAN></P><P><SPAN>So I'm assuming the layer is working properly and the app control is working properly as well.</SPAN></P><P>&nbsp;</P><P>By the way do you have any idea/tips?</P><P>Do you think that an AAD Management on a dedicated machine will help?</P><P>I was trying to to imagine a scenario where we configure a span port on the core switch in order to forward the traffic to AAD.</P><P>Do you think is it possible and is it a good idea in order to gain visibility?</P><P>&nbsp;</P><P>Let me know guys I hope someone can share his experience in this area.</P><P>&nbsp;</P><P>Thanks in advance</P><P>D!Z</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 27 May 2020 13:16:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Asset-amp-Anomaly-Detection-APCL-logging/m-p/86481#M11188 TheRealDiZ 2020-05-27T13:16:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Asset-amp-Anomaly-Detection-APCL-logging/m-p/86488#M11189 Unless you have the Log field set at Detailed or Extended, App Control won't be fully activated with that particular rule.<BR />We have several integrations with AAD vendors that work on that same basic premise (they listen for types of traffic and they tag hosts via the IDA API). Wed, 27 May 2020 13:54:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Asset-amp-Anomaly-Detection-APCL-logging/m-p/86488#M11189 PhoneBoy 2020-05-27T13:54:06Z