https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10923#M91454 <HTML><HEAD></HEAD><BODY><P>If an Application Control signature exists, you should use it.</P><P>In terms of the ports allowed, they are identical.</P><P>The signature does provide extra checking.</P></BODY></HTML> Sun, 28 Oct 2018 13:54:11 GMT PhoneBoy 2018-10-28T13:54:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10920#M91451 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>I would like to know what Service object do you prefer to use to r<SPAN>estrict access to Active Directory services.</SPAN></P><P><SPAN>In Application Control Blade there is a Application signature "Active Directory"</SPAN></P><P></P><P><SPAN><IMG alt="Active Directory Object" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/72915_AD_object.PNG" /></SPAN></P><P><SPAN>policy rule:</SPAN></P><P><SPAN><IMG alt="policy" class="image-2 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/72916_access_policy.PNG" /></SPAN></P><P></P><P>Or&nbsp; do you prefer to place in Service &amp; Application column all needed services:</P><P></P><P><IMG alt="policy2" class="image-3 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/72917_access_policy2.PNG" /></P><P></P><P>Which one is the more secure ?</P><P></P><P>Thanks</P></BODY></HTML> Sun, 28 Oct 2018 07:41:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10920#M91451 s_milidrag 2018-10-28T07:41:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10921#M91452 <HTML><HEAD></HEAD><BODY><P>The answer would depend on how your LDAP server has been configured. If the server listens on TCP and UDP port 389, which is the default configuration, then you would have to include the following services:</P><P></P><P>ldap_udp(UDP/389)</P><P>ldap(TCP/389)</P><P></P><P>If your question is about which is the most secure protocol, then the answer would be ldap-ssl(TCP/636) as it will allow LDAP-related traffic to be encrypted.&nbsp;</P><P></P><P>Once again though, the service selected will depend on your LDAP server's configuration.</P></BODY></HTML> Sun, 28 Oct 2018 10:02:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10921#M91452 Nick_Doropoulos 2018-10-28T10:02:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10922#M91453 <HTML><HEAD></HEAD><BODY><P>Thanks Nicholas,</P><P></P><P>Thanks you for your answer,</P><P>Maybe I was not so clear.</P><P>There is Application Signature "Active Directory" which should recognized all Active Directory services (tcp/135, tcp/138, ldap_udp, ldap, Kerberos, nbname ......)</P><P></P><P><SPAN>So my question is what is more secure/preferable to use in Services &amp; Applications&nbsp;</SPAN>column:</P><P></P><P><IMG alt="policy3" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/72919_access_policy.PNG" /></P><P></P><P>OR</P><P></P><P><IMG alt="policy4" class="image-2 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/72920_access_policy2.PNG" /></P><P></P><P>Thanks</P></BODY></HTML> Sun, 28 Oct 2018 12:32:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10922#M91453 s_milidrag 2018-10-28T12:32:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10923#M91454 <HTML><HEAD></HEAD><BODY><P>If an Application Control signature exists, you should use it.</P><P>In terms of the ports allowed, they are identical.</P><P>The signature does provide extra checking.</P></BODY></HTML> Sun, 28 Oct 2018 13:54:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/10923#M91454 PhoneBoy 2018-10-28T13:54:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/204556#M91455 <P>I wish it could work properly, but it doesn't.</P><P>I created two rules, the first one allowing active directory application.</P><P>The second rules allow all Microsoft services.</P><P>The second rule matches more times than the first one.</P><P>Finally, I has to open by services.</P><P>Does anybody has the expected result?</P><P>&nbsp;</P> Tue, 30 Jan 2024 13:32:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Restrict-Access-to-MS-Active-Directory-Services/m-p/204556#M91455 Ilovecheckpoint 2024-01-30T13:32:26Z