Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Yatiraj_Panchal
Contributor

How URL filtering and Application control work in Checkpoint Firewall

Jump to solution

Hello Everyone, 

I want to know about "how URL filtering and Application Control work in checkpoint Firewall:. 

 

Thanks in advance!!!

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Champion
Champion

See sk92743: ATRG: URL Filtering and sk73220: ATRG: Application Control ! Here you find details about the the internal working of these two blades.

View solution in original post

8 Replies
PhoneBoy
Admin
Admin
I recommend reading the product documentation.
Assuming R80.20: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_NextGenSecurityGateway_Gu...
The section on How to Create an Access Policy is where this is discussed and there is a whole section on App Control and URL Filtering.
Yatiraj_Panchal
Contributor
This document provides only the configuration part, I'm looking for internal process or working of URL filtering and Application control.
0 Kudos
G_W_Albrecht
Champion
Champion

See sk92743: ATRG: URL Filtering and sk73220: ATRG: Application Control ! Here you find details about the the internal working of these two blades.

View solution in original post

Yatiraj_Panchal
Contributor

Thanks for the solution, this is similar what I expect. 

0 Kudos
PhoneBoy
Admin
Admin
Most Software Blades use the same basic architecture.
Here are a couple of documents that show the packet flow in different ways:

https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packe...
https://community.checkpoint.com/t5/General-Topics/Simplified-Packet-Flow-document/m-p/16076

If you could tell us the actual problem you're trying to solve, we might be able to provide you with the documentation you need.
0 Kudos
Yatiraj_Panchal
Contributor
Thanks for the reply.

I want to know working of Application control and URL filtering.
Actually, you provide me packet flow.

I want to know like: if any application comes to Checkpoint then how checkpoint identify the application is Skype or Facebook or etc.
Is there any specific unique code for every application and same for the URL.
May be in URL is matching pattern, I think so.
0 Kudos
cwilliams
Employee Alumnus
Employee Alumnus

I believe the answer to your question is the following: Each known application has an associated Application ID. You are able to see the Application ID in the logs. In R80 you can modify the default view and add the column manually. Hope this helps.

0 Kudos
PhoneBoy
Admin
Admin
Application Control uses signatures similar to IPS to determine what application a given traffic flow is.
URLs accessed do factor into this also.

URL Filtering is similar but it merely uses the URL and not other characteristics.
A different online database is consulted for the categorization in this case.