This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
carl_t
Participant
‎2020-10-16 02:39 AM

Application control question - help

Jump to solution

Hi All

I have a question around application control if it will help me solve an issue.

We use Salesforce in the cloud which is access by some servers, we find we have to keep changing the normal firewall rulebase because it uses Akamai content delivery network with ever changing ip addresses.

My question is, could we use application control to solve this issue?

what would the normal firewall security policy look like for this?

would I allow port 80/443 to anywhere, then create an application policy that denies these servers to all apps except sales force, then create a any any app rule after that?

would this work?

cheers

0 Kudos
2 Solutions

Accepted Solutions
G_W_Albrecht
Legend
Legend
‎2020-10-16 02:53 AM

Jump to solution

You could use a Domain Object to achieve tis.

View solution in original post

0 Kudos
Timothy_Hall
Champion
Champion
‎2020-10-16 04:23 AM
In response to carl_t

Jump to solution

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

4 Replies
G_W_Albrecht
Legend
Legend
‎2020-10-16 02:53 AM

Jump to solution

You could use a Domain Object to achieve tis.

View solution in original post

0 Kudos
carl_t
Participant
‎2020-10-16 03:25 AM
In response to G_W_Albrecht

Jump to solution

Hi, I believe these aren't recommended, we have used before and it caused issues with the dns lookups, also the dns lookups need to come from an authoritative dns servver

0 Kudos
Timothy_Hall
Champion
Champion
‎2020-10-16 04:23 AM
In response to carl_t

Jump to solution

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

_Val_
Admin
Admin
‎2020-10-19 03:05 AM
In response to carl_t

Jump to solution

@carl_t , both @Timothy_Hall & @G_W_Albrecht are right, you need to use FQDN domain object. This option is available in R80.x versions.

More info here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
Labels