This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Westlund
Collaborator
Collaborator
‎2024-05-07 09:11 AM

Block outbound traffic except updates

Customer has a requirement to block all DMZ outbound traffic, except for updates and patches. They wanted to block all browser traffic and allow everything else. For one thing, I found we need to turn on HTTPS inspection for that. My first question is, if we blocked browser traffic, would that allow updates for their servers? Or would that traffic get blocked as well? My second question is, could we block all traffic except for updates to their servers, which I would have to analyze logs to find out what their attempts are? If so, what kind of objects would I use to allow updates and where are they in SmartConsole? Or is there a better way to do this?

0 Kudos
3 Replies
the_rock
Legend
Legend
‎2024-05-07 09:53 AM

Wow, thats a tricky one, for sure. I checked in my lab where I do have https inspection enabled and when you search for "update" in services and applications, you get a lot of things, 73 as a matter of fact. Now, if you search for same in updatable objects, there is about the same amount, but not sure if that would work the way they want either.

Maybe TAC case would not be a bad idea here to confirm this.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-05-07 04:20 PM

It depends on how the applications access their updates as to whether they will be treated as web browsing.
Depending on the application, there may be Updatable Objects that you can use in the Access Policy to allow traffic to the relevant locations.

HTTPS Inspection will likely not help here.

the_rock
Legend
Legend
‎2024-05-07 04:31 PM
In response to PhoneBoy

Thats my thinking as well...https inspection may not be of much use in this case.

0 Kudos
Upcoming Events

    CheckMates Events