This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ahmed_aburaihan
Contributor
‎2025-08-21 06:13 AM

Best Practices for Websites and Applications

Hallo Dear Seniors &  Juniors 

 

I would like to ask about some Best Practices for Firewall Rules: 

1. Best way to create a rule for a list of URLs. 

2. Best way to create Rules for Applications. 

 

Suppose I have a list of 10 URLs or IPs or Applications, I would like create a Rule in Smartconsole, How can this be achieved efficiently considering some Best Practice Approach?

 

Thank you and Kind regards,

Ahmed.

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2025-08-21 12:44 PM

Most of the problems occur because some desirable applications may be "high risk" (or some other undesirable category of apps) and those tend to be blocked per the configured policy.

The policy should be built by a process that goes something like the following, assuming you are looking to build a typical "block malicious websites/applications and uncategorized ones." 

  • First, identify sites and applications that are explicitly allowed. These should be listed early in the rulebase in an Accept rule.
  • Next, identify the categories of websites you want to block, which can include uncategorized URLs. These should be listed in a Drop rule after the "Explicit Accept" rule. 
  • The rule after the above two can simply allow all "Web Browsing" traffic.

You will have to watch logs for the Drop rule to handle false positives by adding them to the Explicit Accept rule, which should be set with Detailed or possibly Extended logging (Extended includes URLs if HTTPS Inspection is enabled).

emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-08-21 08:53 PM
In response to PhoneBoy

On top of this, when you are creating custom application/site objects don't put all your URLs into one object, create one with the necessary URLs for each site, then you can put all the custom sites into a group. This way your logging and reporting will make sense.

0 Kudos
PhoneBoy
Admin
Admin
‎2025-08-22 03:08 PM
In response to emmap

Funny enough, I'm about to do one of my Web Filtering Best Practices sessions and someone asked me about this very thing.
Updated the session to include something about this.

emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-08-24 07:30 PM
In response to PhoneBoy

I've seen custom sites named 'allowed_hosts' with upwards of 100 random URLs in it and people never know why any of them are in there, or what they're supposed to be allowing. It's always painful to unravel.

0 Kudos
ahmed_aburaihan
Contributor
‎2025-10-09 06:22 AM
In response to PhoneBoy

Hi @PhoneBoy 
Thank you for the input. Let me be somehow specific. 
I want to allow a list of websites of i want to allow some applications:

src: Client-Alpha or Server-Beta
Dst: list of websites (fcm, xxx.yyy.zzz, etc.) / some applications 
Svc: http, https

Question:
Is it better if i create an inline-rule (nested-rule) and put all the those?
or
Is it better if I create a rule in access layer and then goto application layer and do another?

Because sometimes, although access-rule is allowed but communication is not successful, in case of Internet. 

Thank
A.


0 Kudos
PhoneBoy
Admin
Admin
‎2025-10-09 02:31 PM
In response to ahmed_aburaihan

Depends on a number of factors, most of which are covered in my Web Filtering Best Practices session.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events