Hi All
I have a question around application control and whether it will help me solve an issue.
We use Salesforce in the cloud, which is accessed by some servers. We find we have to keep changing the normal firewall rulebase because it uses the Akamai content delivery network with ever-changing IP addresses.
My question is, could we use application control to solve this issue?
What would the normal firewall security policy look like for this?
Would I allow port 80/443 to anywhere, then create an application policy that denies these servers to all apps except Salesforce, then create an any any app rule after that?
Would this work?
Cheers
You could use a Domain Object to achieve this.
Hi, I believe these aren't recommended. We have used them before and it caused issues with the DNS lookups; also, the DNS lookups need to come from an authoritative DNS server.
Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned. However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now. See the SK mentioned earlier in this thread for more info about the changes.
@carl_t, both @Timothy_Hall & @G_W_Albrecht are right: you need to use an FQDN domain object. This option is available in R80.x versions.
More info here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...