This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
carl_t
Contributor
‎2020-10-16 02:39 AM
Jump to solution

Application control question - help

Hi All

I have a question around application control if it will help me solve an issue.

We use Salesforce in the cloud which is access by some servers, we find we have to keep changing the normal firewall rulebase because it uses Akamai content delivery network with ever changing ip addresses.

My question is, could we use application control to solve this issue?

what would the normal firewall security policy look like for this?

would I allow port 80/443 to anywhere, then create an application policy that denies these servers to all apps except sales force, then create a any any app rule after that?

would this work?

cheers

0 Kudos
2 Solutions

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-10-16 02:53 AM
Jump to solution

You could use a Domain Object to achieve tis.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2020-10-16 04:23 AM
In response to carl_t
Jump to solution

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

View solution in original post

4 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-10-16 02:53 AM
Jump to solution

You could use a Domain Object to achieve tis.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
carl_t
Contributor
‎2020-10-16 03:25 AM
In response to G_W_Albrecht
Jump to solution

Hi, I believe these aren't recommended, we have used before and it caused issues with the dns lookups, also the dns lookups need to come from an authoritative dns servver

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2020-10-16 04:23 AM
In response to carl_t
Jump to solution

Prior to version R80.10, Domain Objects were most definitely not recommended and could easily cause the issues you mentioned.  However in R80.10 and later the implementation of Domain Objects was significantly revamped, and they are much less likely to cause issues now.  See the SK mentioned earlier in this thread for more info about the changes.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
_Val_
Admin
Admin
‎2020-10-19 03:05 AM
In response to carl_t
Jump to solution

@carl_t , both @Timothy_Hall & @G_W_Albrecht are right, you need to use FQDN domain object. This option is available in R80.x versions.

More info here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events