Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thecoder
Collaborator

About protocol detection

i want to learn about protocol detection?whats the difference?

Thanks

0 Kudos
3 Replies
Vladimir
Champion
Champion

I am not sure what you are referring to in the question "What's the difference"?

Each protocol is unique and CP has a signatures defined to identify those, presumably tracking the RFC compliance:

CP, UDP, and SCTP General Options
Protocol. Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
Protocol Signature. Check Point has created a unique signature for each protocol and stored it on the gateway. The signature identifies the protocol as genuine. Select this option to limit the port to the specified protocol.
Port is the number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for example 44-55.

If you would like to define custom application signatures, this may be useful:

Signature Tool for custom Application Control and URL Filtering applications 

PhoneBoy
Admin
Admin

I discuss this topic in the Application Control sense here: http://phoneboy.org/2016/12/14/which-comes-first-the-ports-or-the-application-id/ 

Thecoder
Collaborator

thanks very much.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events