https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24397#M4867 <HTML><HEAD></HEAD><BODY><P>Hi Ratnesh,</P><P></P><P>Got it. If you have R80.10 mgmt. then there are 2 approach. Ordered Layer and Inline Layer.</P><P>If you are going for ordered layer then it is tom to bottom approach for Layers and rule base as well. Here you need to allow traffic in access layer and then it will go to Application control or URL filtering.&nbsp;</P><P>If you are going for Inline Layer then define parent rule first and inside that rule give specific applications.</P><P></P><P>For more clarification, you can see below video.</P><P><A _jive_internal="true" href="https://community.checkpoint.com/videos/5487">https://community.checkpoint.com/videos/5487</A></P></BODY></HTML> Tue, 04 Sep 2018 12:05:09 GMT Gaurav_Pandya 2018-09-04T12:05:09Z https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24394#M4864 <HTML><HEAD></HEAD><BODY><P>Hello Everyone,</P><P></P><P>I have one question. Suppose we have&nbsp; Application control and URL filtering blade is enable in checkpoint firewall.</P><P>So for any outbound access,whether we have to allow access in firewall rule base and Application rule base?</P><P>We know that in Application rule base we have any to any access allowed by default.But we have edited that rule and made it any to any -&gt;drop.&nbsp;</P><P></P><P>So in this case please let us know whether we have to allow access on both blade (Firewall and URL filtering) for outbound access.</P><P></P><P>Thanks</P><P>Ratnesh Singh</P></BODY></HTML> Tue, 04 Sep 2018 09:43:24 GMT https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24394#M4864 Ratnesh_Singh 2018-09-04T09:43:24Z https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24395#M4865 <HTML><HEAD></HEAD><BODY><P>Hi Ratnesh,</P><P></P><P>You need to allow access in both blades.&nbsp;</P><P>Blade matching will be done from Left to Right and Rule base match will be done from Top to Bottom. So first it will check access rule and if it is allowed here then it will go to next blade. Hope this clarifies your query.</P></BODY></HTML> Tue, 04 Sep 2018 10:44:50 GMT https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24395#M4865 Gaurav_Pandya 2018-09-04T10:44:50Z https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24396#M4866 <HTML><HEAD></HEAD><BODY><P>Thanks you for the reply.</P><P>We are using R80.10 MGMT server and I did not get 1st line i.e Blade matching will be done from left to right?</P><P></P><P>Thanks</P></BODY></HTML> Tue, 04 Sep 2018 11:06:05 GMT https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24396#M4866 Ratnesh_Singh 2018-09-04T11:06:05Z https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24397#M4867 <HTML><HEAD></HEAD><BODY><P>Hi Ratnesh,</P><P></P><P>Got it. If you have R80.10 mgmt. then there are 2 approach. Ordered Layer and Inline Layer.</P><P>If you are going for ordered layer then it is tom to bottom approach for Layers and rule base as well. Here you need to allow traffic in access layer and then it will go to Application control or URL filtering.&nbsp;</P><P>If you are going for Inline Layer then define parent rule first and inside that rule give specific applications.</P><P></P><P>For more clarification, you can see below video.</P><P><A _jive_internal="true" href="https://community.checkpoint.com/videos/5487">https://community.checkpoint.com/videos/5487</A></P></BODY></HTML> Tue, 04 Sep 2018 12:05:09 GMT https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24397#M4867 Gaurav_Pandya 2018-09-04T12:05:09Z https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24398#M4868 <HTML><HEAD></HEAD><BODY><P>Actually rulebase matching is a little different in R80.x:</P><P><A href="https://community.checkpoint.com/message/10388">Unified Policy Column-based Rule Matching</A>‌</P><P>Still, when you have multiple ordered policy layers, the connection must match an Accept rule in each layer.</P><P>Also keep in mind that each layer can have a different implicit cleanup rule (either allow or block).</P></BODY></HTML> Tue, 04 Sep 2018 14:08:33 GMT https://community.checkpoint.com/t5/General-Topics/Rule-base-checking-if-Application-control-and-URL-filtering/m-p/24398#M4868 PhoneBoy 2018-09-04T14:08:33Z