dorjm
Explorer

Application control policy

We are a small data center company with a few customers. Some of them need to be inspected by Application Control, while others do not. We currently have around 500 access control rules, which are quite messy.

1. Will enabling Application Control in a unified policy (within the access control policy) affect resources, even if we are only using service-based rules? Will it still inspect traffic up to Layer 7?

2. We are trying to enable an Application Control policy. Should I add a new application layer, or is it better to integrate it into a unified policy (within the access control policy) to manage resources efficiently? Or without service down?

0 Kudos
1 Reply
PhoneBoy
Admin

It is usually simpler to do the first approach (enable App Control in the existing Access Policy layer).
The contents of the "Services/Applications" column as well as the usage of Detailed/Extended Logs will determine the level of inspection done.
For best performance (i.e. full acceleration by SecureXL), rules involving simple TCP/UDP services should be higher in the rulebase than ones that involve URL Filtering Categories or Application Control signatures.

There are two ways you can do a separate layer for Application Control:

  • Ordered Layer (which means that ALL traffic will have to hit an Accept rule in BOTH layers to be permitted...slightly more complicated policy structure)
  • Inline Layers, which only processes traffic when the top-level rule is matched. For example, only traffic between Internal Zone and External Zone that is http/https (a simple TCP service) will match Rule 1 and thus be subject to the 1.x rules that involve App Control. 
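
An added example (not from the thread and not Check Point code): a small check for the ordering advice in the reply above, run against a constructed, simplified rulebase. The rule fields and the `kind` tags are assumptions, not the format of a real policy export; because a rulebase is matched top-down, each finding is a candidate for review rather than a rule that can be moved blindly.

```python
# Flags simple TCP/UDP rules that sit below the first rule needing
# Application Control or URL Filtering. The rule format is an assumption
# made for this example, not a real Check Point export.
L7_KINDS = {"application", "url-category"}   # entries that need Layer 7 inspection
SIMPLE_KINDS = {"tcp", "udp"}                # entries matched on protocol/port only

# Constructed sample: (object name, kind) pairs per Services/Applications cell.
SAMPLE_RULEBASE = [
    {"number": 1, "name": "DNS out", "services": [("domain-udp", "udp")]},
    {"number": 2, "name": "Block social", "services": [("Facebook", "application")]},
    {"number": 3, "name": "SSH mgmt", "services": [("ssh", "tcp")]},
    {"number": 4, "name": "Web filter",
     "services": [("https", "tcp"), ("Gambling", "url-category")]},
    {"number": 5, "name": "NTP", "services": [("ntp-udp", "udp")]},
    {"number": 6, "name": "Cleanup", "services": []},   # empty cell = Any
]

def needs_l7(rule):
    """True if any entry in the cell is an application or URL category."""
    return any(kind in L7_KINDS for _, kind in rule["services"])

def is_simple(rule):
    """True only if the cell is non-empty and every entry is plain TCP/UDP."""
    cell = rule["services"]
    return bool(cell) and all(kind in SIMPLE_KINDS for _, kind in cell)

def misplaced_simple_rules(rulebase):
    """Return (rule number, rule name, first L7 rule number) for each simple
    rule that appears after the first Layer 7 rule."""
    first_l7 = None
    findings = []
    for rule in sorted(rulebase, key=lambda r: r["number"]):
        if needs_l7(rule):
            if first_l7 is None:
                first_l7 = rule["number"]
        elif first_l7 is not None and is_simple(rule):
            findings.append((rule["number"], rule["name"], first_l7))
    return findings

if __name__ == "__main__":
    for number, name, l7 in misplaced_simple_rules(SAMPLE_RULEBASE):
        print(f"rule {number} ({name}) is simple TCP/UDP but sits below L7 rule {l7}")
```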
