ahmed_aburaihan
Participant

Best Practices for Websites and Applications

Hello Dear Seniors & Juniors,

 

I would like to ask about some Best Practices for Firewall Rules: 

1. Best way to create a rule for a list of URLs. 

2. Best way to create Rules for Applications. 

 

Suppose I have a list of 10 URLs or IPs or Applications and I would like to create a Rule in SmartConsole. How can this be achieved efficiently, considering some Best Practice Approach?

 

Thank you and Kind regards,

Ahmed.

0 Kudos
4 Replies
PhoneBoy
Admin

Most of the problems occur because some desirable applications may be "high risk" (or some other undesirable category of apps) and those tend to be blocked per the configured policy.

The policy should be built by a process that goes something like the following, assuming you are looking to build a typical "block malicious websites/applications and uncategorized ones." 

  • First, identify sites and applications that are explicitly allowed. These should be listed early in the rulebase in an Accept rule.
  • Next, identify the categories of websites you want to block, which can include uncategorized URLs. These should be listed in a Drop rule after the "Explicit Accept" rule. 
  • The rule after the above two can simply allow all "Web Browsing" traffic.

You will have to watch logs for the Drop rule to handle false positives by adding them to the Explicit Accept rule, which should be set with Detailed or possibly Extended logging (Extended includes URLs if HTTPS Inspection is enabled).

0 Kudos
emmap
Employee

On top of this, when you are creating custom application/site objects, don't put all your URLs into one object; create one with the necessary URLs for each site, then you can put all the custom sites into a group. This way your logging and reporting will make sense.

0 Kudos
PhoneBoy
Admin

Funny enough, I'm about to do one of my Web Filtering Best Practices sessions and someone asked me about this very thing.
Updated the session to include something about this.

emmap
Employee

I've seen custom sites named 'allowed_hosts' with upwards of 100 random URLs in it and people never know why any of them are in there, or what they're supposed to be allowing. It's always painful to unravel.

0 Kudos
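
The rule order PhoneBoy describes and the per-site objects emmap recommends, modelled as an added example that is not part of the thread and not Check Point code. All object names, hosts and categories are constructed, and `CATEGORY_DB` is a stand-in for the gateway's own URL categorisation.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed data: one custom site object per site, collected into one group.
SITE_OBJECTS = {
    "site_payroll_vendor": ["payroll.example.com", "api.payroll.example.com"],
    "site_partner_portal": ["portal.example.net"],
}
ALLOWED_GROUP = set(SITE_OBJECTS)  # members used by the Explicit Accept rule
BLOCKED_CATEGORIES = {"High Risk", "Gambling", "Uncategorized"}
# Constructed stand-in for URL categorisation (assumption, not real data).
CATEGORY_DB = {
    "payroll.example.com": "High Risk",  # desirable site in a blocked category
    "casino.example.org": "Gambling",
    "news.example.org": "News",
}
SAMPLE_URLS = [  # constructed traffic sample
    "https://payroll.example.com/login",
    "https://casino.example.org/",
    "https://build-tool.example.io/dl",
    "https://build-tool.example.io/update",
    "https://news.example.org/a",
]

def match_site_object(host):
    """Return the name of the per-site object whose URL list contains host."""
    for name, hosts in SITE_OBJECTS.items():
        if host in hosts:
            return name
    return None

def evaluate(url):
    """First-match evaluation: Explicit Accept, then Drop, then Web Browsing."""
    host = urlsplit(url).hostname
    obj = match_site_object(host)
    if obj in ALLOWED_GROUP:
        return {"rule": "Explicit Accept", "action": "Accept", "matched": obj, "host": host}
    category = CATEGORY_DB.get(host, "Uncategorized")
    if category in BLOCKED_CATEGORIES:
        return {"rule": "Block Categories", "action": "Drop", "matched": category, "host": host}
    return {"rule": "Web Browsing", "action": "Accept", "matched": category, "host": host}

def drop_review(log):
    """Rank dropped hosts by hit count as candidates for false-positive review."""
    return Counter(e["host"] for e in log if e["action"] == "Drop").most_common()

if __name__ == "__main__":
    log = [evaluate(u) for u in SAMPLE_URLS]
    for entry in log:
        print(entry)
    print("Review queue:", drop_review(log))
```

The accept entry names `site_payroll_vendor` rather than a catch-all object, so the log itself records why the traffic was allowed; the review queue is the list to check before adding a new per-site object to the group.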
