This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CP-Shark
Collaborator
‎2022-11-15 04:09 AM

MS Teams in Firewall Ruls on Endpoint

Hi guys,

I need to configure the access to MS Teams in disconnected state on the Endpoint Firewall blade.
On gateways there is the opportunity of using updateable objects. These objects are not available on firewall rule in endpoint side.

I tried to add some updateable objects to a network group, which I can use on endpoint firewall rules but the installation will fail with an internal error.

So are there other options to handle all the domains, IPs etc. for firewall rules?

Looking forward to your ideas.

Cheers,
Olli

CCES / CCSA / CCSE
0 Kudos
7 Replies
the_rock
MVP Platinum
MVP Platinum
‎2022-11-15 07:29 AM

I will do my best to help you out. Not really an endpoint person, but I have access to few environments, so can definitely look into it. Would you mind send a screenshot of what you tried? You can blur out any sensitive info.

Btw, I do see in the policy there is an option to add url filtering exclusions. What I always do on the firewall is this...say you want to allow ANYTHING microsoft, I just do *microsoft* and works 100% of the time, never had an issue, not once.

Cheers,

Andy

Best,
Andy
0 Kudos
CP-Shark
Collaborator
‎2022-11-16 07:51 AM
In response to the_rock

Hi Andy,

@the_rock wrote:

I will do my best to help you out. Not really an endpoint person, but I have access to few environments, so can definitely look into it. Would you mind send a screenshot of what you tried? You can blur out any sensitive info.

Btw, I do see in the policy there is an option to add url filtering exclusions. What I always do on the firewall is this...say you want to allow ANYTHING microsoft, I just do *microsoft* and works 100% of the time, never had an issue, not once.

Cheers,

Andy

URL Filter is not an option on Check Point Harmony (Endpoint) and *microsoft* is not supported on end point firewall rules.

CCES / CCSA / CCSE
0 Kudos
MikeB
Advisor
‎2022-11-15 08:24 AM

You could try the other Harmony Endpoint modules:

  • Application Control: to allow or disallow the MS Teams program to run or access the network.
  • URL Filtering: To block access to MS Teams domains.
CP-Shark
Collaborator
‎2022-11-16 07:53 AM
In response to MikeB

Application control on end point or on perimeter? 
If is could be an option the question is what will win? Firewall or application policy?

CCES / CCSA / CCSE
0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-16 12:53 PM
In response to CP-Shark

Both of these are options on Harmony Endpoint (what the question was about).

0 Kudos
MikeB
Advisor
‎2022-11-18 05:31 PM
In response to CP-Shark

For your use case at the endpoint level....in my opinion the best way would be through Appication Control (to allow or disallow the MS TEAMS program/process to run or access the network.)

the_rock
MVP Platinum
MVP Platinum
‎2022-11-18 05:40 PM
In response to MikeB

Agree 100%.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events