David_Charnon
Advisor

Application object or Application/Site with URLs - when to use?

Question for the group which I have always struggled with - if you have a choice on how to allow traffic to an internet service, is it better to use an Application (provided by Check Point) or a URL list (provided by the hosting site)?

An example: we have a few servers which need to access certain Microsoft functions. We can create a custom Application/Site and put the list of URLs and IP addresses provided by Microsoft and use this in the rule. Or, we could use an Application object (e.g. "Microsoft Services", provided I can figure out which one would be the best match) and use this in the rule. Is there a rule of thumb or guideline or best practice for these situations? How have you handled this?

Thanks,

Dave

0 Kudos
5 Replies
David_Charnon
Advisor

I know, bad form to reply to my own post, just bumping this in case it got lost in the CPX euphoria. Curious to know if there is a recommended way to address my problem.

Dave

0 Kudos
PhoneBoy
Admin

If we have an Updatable Object for the relevant service, then that’s probably the better approach.
Otherwise it depends on the precise application.
Note that some application definitions work better with HTTPS Inspection enabled.

David_Charnon
Advisor

Thanks Dameon,

I assume when you say "Updatable Object", you mean "Applications":

apps.jpg

Or do you really mean "Updatable Objects":

updatable.jpg

My question was about Applications vs. Custom Application/Site with URLs.

I do have https inspection, so we are covered there.

Thanks,

Dave

0 Kudos
K_montalvo
Advisor

0 Kudos
David_Charnon
Advisor

Maybe to make it very clear what I am asking, consider these two rules (in a test policy). The first rule has the Application "ShareFile" as the allowed Services & Applications. The second rule has an Application/Site group (also named "ShareFile") with a list of various URLs as the allowed Services & Applications.

Sharefile.jpg

Have people found one method more reliable than the other? I for one have experienced that using the Application does not always capture/recognize all of the traffic you think it should. Is one method less resource intensive on the gateway?

Dave

0 Kudos