https://community.checkpoint.com/t5/Firewall-and-Security-Management/Enabling-Protocol-Signatures-on-a-service-Does-it-affect-Network/m-p/160425#M28276 <P>Reading other community articles we got the impression enabling Protocol Signatures on a service will affect traffic going through Network Policy rules as well as in App Control rules.</P><P>We started to see strange things so I thought I would test in a lab.</P><P>I created a test using<BR />1. The standard HTTPs service<BR />2. Creating a new HTTPS service. TCP Port 443, HTTPs Protocol and enabled Protocol Signatures<BR />3. Created an HTTP (not https) website listening on port 443.</P><P>Added 2 Network rules<BR />1. Accept rule using custom HTTPs service with enabled Protocol Signatures.<BR />2. Drop using the standard HTTPs service.</P><P>Test http traffic on port 443 is allowed on rule 1. i.e. using the custom HTTPS Service with enabled Protocol Signatures</P><P>Adding application control Rules<BR />1. Accept rule using custom HTTPs service with enabled Protocol Signatures<BR />2. Drop using the standard HTTPs service.</P><P>The traffic is dropped on Rule 2 bypassing rule 1 with the custom service.</P><P>Conclusions<BR />The network rules only checked the port number and ignored Protocol Signatures.<BR />In App Control the HTTP Traffic on 443 did not match the custom HTTPs service with enabled Protocol Signatures because it was not real HTTPS traffic. It&nbsp;was then dropped in rule 2 because of the port number.</P><P>So to me this shows that enabling Protocol Signatures only works in the App Control rules and not Network rules would everyone concur?<BR />Am I missing something in my tests?</P><P>The reason behind this is we want to enable Protocol Signatures on a few standard services but do not want the matching of network rules to change.</P> Wed, 26 Oct 2022 07:08:11 GMT spottex 2022-10-26T07:08:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Enabling-Protocol-Signatures-on-a-service-Does-it-affect-Network/m-p/160425#M28276 <P>Reading other community articles we got the impression enabling Protocol Signatures on a service will affect traffic going through Network Policy rules as well as in App Control rules.</P><P>We started to see strange things so I thought I would test in a lab.</P><P>I created a test using<BR />1. The standard HTTPs service<BR />2. Creating a new HTTPS service. TCP Port 443, HTTPs Protocol and enabled Protocol Signatures<BR />3. Created an HTTP (not https) website listening on port 443.</P><P>Added 2 Network rules<BR />1. Accept rule using custom HTTPs service with enabled Protocol Signatures.<BR />2. Drop using the standard HTTPs service.</P><P>Test http traffic on port 443 is allowed on rule 1. i.e. using the custom HTTPS Service with enabled Protocol Signatures</P><P>Adding application control Rules<BR />1. Accept rule using custom HTTPs service with enabled Protocol Signatures<BR />2. Drop using the standard HTTPs service.</P><P>The traffic is dropped on Rule 2 bypassing rule 1 with the custom service.</P><P>Conclusions<BR />The network rules only checked the port number and ignored Protocol Signatures.<BR />In App Control the HTTP Traffic on 443 did not match the custom HTTPs service with enabled Protocol Signatures because it was not real HTTPS traffic. It&nbsp;was then dropped in rule 2 because of the port number.</P><P>So to me this shows that enabling Protocol Signatures only works in the App Control rules and not Network rules would everyone concur?<BR />Am I missing something in my tests?</P><P>The reason behind this is we want to enable Protocol Signatures on a few standard services but do not want the matching of network rules to change.</P> Wed, 26 Oct 2022 07:08:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Enabling-Protocol-Signatures-on-a-service-Does-it-affect-Network/m-p/160425#M28276 spottex 2022-10-26T07:08:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Enabling-Protocol-Signatures-on-a-service-Does-it-affect-Network/m-p/160490#M28283 <P>You are correct, and this is documented in the <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk111841&amp;partition=Basic&amp;product=All" target="_self">R80.10 Release SK</A>&nbsp;(where this was first added).</P> <UL> <LI>Application Control enhancements:</LI> <LI style="list-style-type: none;"> <UL> <LI>Added Recommended Services to Applications for easier configuration of the unified policy.</LI> <LI>Applications matched on Recommended Services, customized set of services, or Any service.</LI> <LI>New Protocol Signature added to Service object, to enhance policy matching security and granularity.</LI> </UL> </LI> </UL> Wed, 26 Oct 2022 18:15:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Enabling-Protocol-Signatures-on-a-service-Does-it-affect-Network/m-p/160490#M28283 PhoneBoy 2022-10-26T18:15:51Z