Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mike_Schepers
Participant

Application Signatures?

I am attempting to create a signature for an Aruba VPN application to use with my Checkpoint App/URL filter.  I see the application ID within my log files (appears to be consistent) and have found a Checkpoint tools called Application Control Signature Tool (ACST) that can be used to create customer application signatures and import them.  However, the information that is being requested by ACST to build this signature is a little above my knowledge level.

Has anyone within this community used ACST to develop a signature for Aruba VPN (application ID 2042272525)?

Does anyone have experience using ACST that could offer some examples to help?

ACST Admin Guide: http://dl3.checkpoint.com/paid/7d/7dc39df4c4c93fcba550b9f2d22768d9/CP_ApplicationControlSignatureToo... 

ACST Download: Signature Tool for custom Application Control and URL Filtering applications 

Many Thanks!

Mike

10 Replies
PhoneBoy
Admin
Admin

It’s possible the ACST isn’t the right answer here for your traffic.

We may be able to create a signature for this, please contact the TAC.

Contact Support | Check Point Software 

0 Kudos
Mike_Schepers
Participant

Hello Dameon,

I had originally opened a TAC case (3-0234333211) and that is how I found out about ACST; perhaps the tech assigned to my case was not aware that TAC could help create a signature? Should I escalate the case or open another with some different information that could help me get to the proper engineering team?

Thanks,

Mike

0 Kudos
PhoneBoy
Admin
Admin

In some cases R&D needs to create the signature.

Did you provide packet captures as part of the SR? 

0 Kudos
Mike_Schepers
Participant

No, I did not provide a packet capture… because the support engineer did not request one. Do you know what specifically I need to capture, and whether this needs to be done at the client PC, my firewall (which is the security perimeter gateway), or the far end VPN termination point? If the packet capture needs to be performed at my security gateway firewall, does this mean that I need to have HTTPS inspection enabled on my firewall?

0 Kudos
PhoneBoy
Admin
Admin

I think it may be sufficient to do this from the gateway only.

HTTPS Inspection shouldn't need to be enabled.

0 Kudos
Mike_Schepers
Participant

Thank you. I will open a new TAC case and start this process.

0 Kudos
PhoneBoy
Admin
Admin

Just to follow up, I checked with R&D and ACST is definitely not the right tool for the job here.

It's something we will likely have to create and the right approach is to open a TAC case as you've done. 

If you hit a roadblock with TAC, please contact me privately.

0 Kudos
BrunoCiongoli
Collaborator

Hello mates, I hope all is well

I have the same problem with a vpn application,that connect to different server around the world.

The applications are itop VPN and radmin VPN and I want to block this traffic specifically

What should we do? Should I oped a TAC case or use this tool?

Thanks in advance

0 Kudos
PhoneBoy
Admin
Admin

Without knowing precisely how the applications work, I recommend engaging the TAC.

0 Kudos
Vincent_Bacher
Advisor
Advisor

btw: it's getting time that https inspection policy supports applications created by acst. Smiley Happy 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events