This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Highlighted
carl_t
Participant
a week ago

Application control question - help

Jump to solution

Hi All

I have a question around application control if it will help me solve an issue.

We use Salesforce in the cloud which is access by some servers, we find we have to keep changing the normal firewall rulebase because it uses Akamai content delivery network with ever changing ip addresses.

My question is, could we use application control to solve this issue?

what would the normal firewall security policy look like for this?

would I allow port 80/443 to anywhere, then create an application policy that denies these servers to all apps except sales force, then create a any any app rule after that?

would this work?

cheers

0 Kudos
2 Solutions

Accepted Solutions
Highlighted
G_W_Albrecht
Champion
Champion
a week ago

Jump to solution

You could use a Domain Object to achieve tis.

View solution in original post

0 Kudos
Highlighted
Timothy_Hall
Champion
Champion
a week ago

Jump to solution

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com

View solution in original post

4 Replies
Highlighted
G_W_Albrecht
Champion
Champion
a week ago

Jump to solution

You could use a Domain Object to achieve tis.

View solution in original post

0 Kudos
Highlighted
carl_t
Participant
a week ago

Jump to solution

Hi, I believe these aren't recommended, we have used before and it caused issues with the dns lookups, also the dns lookups need to come from an authoritative dns servver

0 Kudos
Highlighted
Timothy_Hall
Champion
Champion
a week ago

Jump to solution

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com

View solution in original post

Highlighted
_Val_
Admin
Admin
Monday

Jump to solution

@carl_t , both @Timothy_Hall & @G_W_Albrecht are right, you need to use FQDN domain object. This option is available in R80.x versions.

More info here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos