cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Application Signatures?

I am attempting to create a signature for an Aruba VPN application to use with my Checkpoint App/URL filter.  I see the application ID within my log files (appears to be consistent) and have found a Checkpoint tools called Application Control Signature Tool (ACST) that can be used to create customer application signatures and import them.  However, the information that is being requested by ACST to build this signature is a little above my knowledge level.

Has anyone within this community used ACST to develop a signature for Aruba VPN (application ID 2042272525)?

Does anyone have experience using ACST that could offer some examples to help?

ACST Admin Guide: http://dl3.checkpoint.com/paid/7d/7dc39df4c4c93fcba550b9f2d22768d9/CP_ApplicationControlSignatureToo... 

ACST Download: Signature Tool for custom Application Control and URL Filtering applications 

Many Thanks!

Mike

8 Replies
Admin
Admin

Re: Application Signatures?

It’s possible the ACST isn’t the right answer here for your traffic.

We may be able to create a signature for this, please contact the TAC.

Contact Support | Check Point Software 

0 Kudos

Re: Application Signatures?

Hello Dameon,

I had originally opened a TAC case (3-0234333211) and that is how I found out about ACST; perhaps the tech assigned to my case was not aware that TAC could help create a signature? Should I escalate the case or open another with some different information that could help me get to the proper engineering team?

Thanks,

Mike

0 Kudos
Highlighted
Admin
Admin

Re: Application Signatures?

In some cases R&D needs to create the signature.

Did you provide packet captures as part of the SR? 

0 Kudos

Re: Application Signatures?

No, I did not provide a packet capture… because the support engineer did not request one. Do you know what specifically I need to capture, and whether this needs to be done at the client PC, my firewall (which is the security perimeter gateway), or the far end VPN termination point? If the packet capture needs to be performed at my security gateway firewall, does this mean that I need to have HTTPS inspection enabled on my firewall?

0 Kudos
Admin
Admin

Re: Application Signatures?

I think it may be sufficient to do this from the gateway only.

HTTPS Inspection shouldn't need to be enabled.

0 Kudos

Re: Application Signatures?

Thank you. I will open a new TAC case and start this process.

0 Kudos
Admin
Admin

Re: Application Signatures?

Just to follow up, I checked with R&D and ACST is definitely not the right tool for the job here.

It's something we will likely have to create and the right approach is to open a TAC case as you've done. 

If you hit a roadblock with TAC, please contact me privately.

0 Kudos

Re: Application Signatures?

btw: it's getting time that https inspection policy supports applications created by acst. Smiley Happy 

and now to something completely different
0 Kudos