This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Firewall_Head
Explorer
‎2025-02-18 04:23 AM

Abnormality in pattern matching of APP CONTRL BLADE

Hi Checkmates,

 

I have a security policy created for communication between a pair of device, I'm using a custom created TCP high port (TCP 30K+) in service and no applications are mentioned inside the rule. But when I'm checking the logs it is matched against an APP named net.TCP.

Can someone shed light on how this is happening, how is traffic matched against an APP which I never specified in the rule.

Thanks in advance!

 

======

WR,

FH

Preview file
38 KB
0 Kudos
40 Replies
the_rock
MVP Platinum
MVP Platinum
‎2025-03-21 06:06 AM
In response to Firewall_Head

Can you check if app database is updates from smart console?

Andy

 

Best,
Andy
Preview file
68 KB
0 Kudos
Firewall_Head
Explorer
‎2025-03-21 06:27 AM
In response to the_rock

Looks good.

======

WR,

FH

0 Kudos
Firewall_Head
Explorer
‎2025-03-21 06:38 AM
In response to the_rock

It looks fine Andy.

====

WR,

FH

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-21 06:40 AM
In response to Firewall_Head

Send me direct message at noon EST (9.30 IST) and I can send you zoom.

Andy

Best,
Andy
0 Kudos
Firewall_Head
Explorer
‎2025-03-21 07:28 AM
In response to the_rock

Sure Andy, will do.

======

WR,

FH

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-21 09:46 AM
In response to Firewall_Head

Hey guys,

Tx for the remote. Just to update, below is what I mentioned about adding whatever services needed to customize the category services.

Btw, I will try test smart event shortly for automatic reaction.

Andy

Best,
Andy
Preview file
74 KB
the_rock
MVP Platinum
MVP Platinum
‎2025-03-21 03:22 PM
In response to Firewall_Head

Hey bro,

For smart event automatic reaction, for the email alerts, see what I set up in the lab, will see if it actually works, I just used basic gmail, thats it.

Andy

Best,
Andy
Preview file
29 KB
Preview file
105 KB
Preview file
69 KB
Preview file
112 KB
Firewall_Head
Explorer
‎2025-03-27 06:26 AM
In response to the_rock

Hey Andy, @the_rock 

Hope you are doing well!

How were you able to pull off the configuration by using gmail?

Doesn't it need a password for authentication? (APP PASSWORD)

=====

WR,

FH @Chinmaya_Naik 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-27 06:31 AM
In response to Firewall_Head

Hey man,

So sorry, was preoccupied with AV issue I have going on with a customer, so did not have chance to revisit this. Had to rebuild the smart event, so let me try it again and will update you either tomorrow or next week.

Andy

Best,
Andy
0 Kudos
Firewall_Head
Explorer
‎2025-03-27 06:37 AM
In response to the_rock

Thanks for the reply man.

We will discuss tomorrow then!

=====

WR,

FH

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-27 06:40 AM
In response to Firewall_Head

Lets check next week 🙂

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events