Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
carl_t
Contributor
Jump to solution

Application control question - help

Hi All

I have a question around application control if it will help me solve an issue.

We use Salesforce in the cloud which is access by some servers, we find we have to keep changing the normal firewall rulebase because it uses Akamai content delivery network with ever changing ip addresses.

My question is, could we use application control to solve this issue?

what would the normal firewall security policy look like for this?

would I allow port 80/443 to anywhere, then create an application policy that denies these servers to all apps except sales force, then create a any any app rule after that?

would this work?

cheers

0 Kudos
2 Solutions

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

You could use a Domain Object to achieve tis.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
Timothy_Hall
Legend Legend
Legend

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

4 Replies
G_W_Albrecht
Legend Legend
Legend

You could use a Domain Object to achieve tis.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
carl_t
Contributor

Hi, I believe these aren't recommended, we have used before and it caused issues with the dns lookups, also the dns lookups need to come from an authoritative dns servver

0 Kudos
Timothy_Hall
Legend Legend
Legend

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
_Val_
Admin
Admin

@carl_t , both @Timothy_Hall & @G_W_Albrecht are right, you need to use FQDN domain object. This option is available in R80.x versions.

More info here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events