Nickel

About protocol detection

I want to learn about protocol detection. What's the difference?

Thanks

0 Kudos
3 Replies
Pearl

I am not sure what you are referring to in the question "What's the difference"?

Each protocol is unique and CP has signatures defined to identify those, presumably tracking the RFC compliance:

TCP, UDP, and SCTP General Options
Protocol. Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
Protocol Signature. Check Point has created a unique signature for each protocol and stored it on the gateway. The signature identifies the protocol as genuine. Select this option to limit the port to the specified protocol.
Port is the number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for example 44-55.

If you would like to define custom application signatures, this may be useful:

Signature Tool for custom Application Control and URL Filtering applications 
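
To make the "Protocol Signature" option quoted above concrete, here is an added sketch (not part of the original posts and not Check Point's code) contrasting a service matched by port alone with one that also requires the first bytes of the connection to look like the declared protocol. The `Service` class, the `SIGNATURES` patterns and the sample payloads are hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed first-bytes patterns, for illustration only (not vendor signatures).
SIGNATURES = {
    "HTTP": re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"),
    "SSH": re.compile(rb"^SSH-2\.0-[^\r\n]+\r?\n"),
}

# Constructed sample payloads: what a client sends first on a new connection.
HTTP_REQ = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"

def parse_ports(spec: str) -> range:
    """Parse a single port ('80') or a hyphenated range ('44-55'), inclusive."""
    low, _, high = spec.partition("-")
    lo, hi = int(low), int(high or low)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return range(lo, hi + 1)

@dataclass
class Service:
    """Hypothetical service object: port(s), declared protocol, signature flag."""
    name: str
    ports: str
    protocol: str
    enforce_signature: bool = False

    def verdict(self, dst_port: int, first_bytes: bytes) -> str:
        if dst_port not in parse_ports(self.ports):
            return "no-match"        # a different service/rule would handle it
        if not self.enforce_signature:
            return "accept"          # the port number alone decides
        if SIGNATURES[self.protocol].match(first_bytes):
            return "accept"          # traffic looks like the declared protocol
        return "drop"                # right port, wrong protocol

def demo():
    """Run both payloads against a port-only and a signature-enforced service."""
    port_only = Service("http", "80", "HTTP")
    strict = Service("http-strict", "80", "HTTP", enforce_signature=True)
    payloads = {"http-request": HTTP_REQ, "ssh-banner": SSH_BANNER}
    return [(svc.name, label, svc.verdict(80, data))
            for svc in (port_only, strict) for label, data in payloads.items()]

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

With the port-only service, SSH sent to port 80 is accepted; with the signature flag set, the same connection is dropped because the payload does not match the declared protocol.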

Admin

I discuss this topic in the Application Control sense here: http://phoneboy.org/2016/12/14/which-comes-first-the-ports-or-the-application-id/ 

Nickel

Thanks very much.

0 Kudos