Question for the group which I have always struggled with - if you have a choice on how to allow traffic to an internet service, is it better to use an Application (provided by Check Point) or a URL list (provided by the hosting site)?
An example: we have a few servers which need to access certain Microsoft functions. We can create a custom Application/Site and put the list of URLs and IP addresses provided by Microsoft and use this in the rule. Or, we could use an Application object (e.g. "Microsoft Services", provided I can figure out which one would be the best match) and use this in the rule. Is there a rule of thumb or guideline or best practice for these situations? How have you handled this?
Thanks,
Dave
I know, bad form to reply to my own post, just bumping this in case it got lost in the CPX euphoria. Curious to know if there is a recommended way to address my problem.
Dave
If we have an Updatable Object for the relevant service, then that’s probably the better approach.
Otherwise it depends on the precise application.
Note that some application definitions work better with HTTPS Inspection enabled.
Thanks Dameon,
I assume when you say "Updatable Object", you mean "Applications":
Or do you really mean "Updatable Objects":
My question was about Applications vs. Custom Application/Site with URLs.
I do have https inspection, so we are covered there.
Thanks,
Dave
Maybe to make it very clear what I am asking, consider these two rules (in a test policy). The first rule has the Application "ShareFile" as the allowed Services & Applications. The second rule has an Application/Site group (also named "ShareFile") with a list of various URLs as the allowed Services & Applications.
Have people found one method more reliable than the other? I for one have experienced that using the Application does not always capture/recognize all of the traffic you think it should. Is one method less resource intensive on the gateway?
Dave