Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mian
Participant

Application Control Migration

Is there any Check Point tool or document that goes over the process of migrating L3/L4 based rules into Application based rules i.e. to get away from simple port numbers ?  Are there any recommended process or best practices ?  

Thanks

Mian

0 Kudos
2 Replies
Mian
Participant

My question is related to CP Security Gateways i.e. converting port based rules in the CP to application based rules in the CP. 

0 Kudos
PhoneBoy
Admin
Admin

To be clear, you should never get away from port numbers even as you adopt application-based rules.
Something I wrote a while ago that's still mostly relevant:
https://phoneboy.org/2016/12/14/which-comes-first-the-ports-or-the-application-id/

Even if you were just using firewall only, some of the services you're already using are basically application-based rules.
This was the case well before R80.
That said, Application Control supports a wider range of applications than we supported in the past.
If you've never used our Application Control before and want to start using it, the easiest way is to just enable it with your existing rulebase in place.
To ensure Application Control fully "sees" the traffic, set your rules to log as "Detailed" or "Extended" (if you want all the URLs people access).

Note: if you only have Firewall/VPN enabled currently, exercise some caution here as this will have a performance impact.
If you have IPS or other Threat Prevention blades, App Control won't add too much additional performance impact.

Based on what you see in the logs, you can add some additional rules to block traffic.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events