Participant

Application control question - help


Hi All

I have a question about application control and whether it will help me solve an issue.

We use Salesforce in the cloud, which is accessed by some servers. We find we have to keep changing the normal firewall rulebase because it uses the Akamai content delivery network with ever-changing IP addresses.

My question is, could we use application control to solve this issue?

What would the normal firewall security policy look like for this?

Would I allow port 80/443 to anywhere, then create an application policy that denies these servers access to all apps except Salesforce, then create an any-any app rule after that?

Would this work?

Cheers

Champion

You could use a Domain Object to achieve this.

Participant

Hi, I believe these aren't recommended. We have used them before and it caused issues with the DNS lookups. Also, the DNS lookups need to come from an authoritative DNS server.

Champion

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com

Admin

@carl_t, both @Timothy_Hall & @G_W_Albrecht are right, you need to use an FQDN domain object. This option is available in R80.x versions.

More info here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 
