This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
flachance
MVP Silver
MVP Silver
‎2023-08-29 11:01 AM

Is there a way to block an app or process to access the Internet

Is there a way with either the gateway or the endpoint client to block an app or process to access the Internet?

We don't want to restrict the app from running but we don't want it to access the Internet.

Francis

0 Kudos
7 Replies
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2023-08-29 11:10 AM

You can use the Application Control and URL Filtering blades on the Security Gateway. 

In Rulebase add the relevant application to the Services & Applications column:

 

Applications.png

 

 

0 Kudos
flachance
MVP Silver
MVP Silver
‎2023-08-30 05:13 AM
In response to Tal_Paz-Fridman

Yes our problem is it's some small/obscure app that is not part of Checkpoint applications list

0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2023-08-30 05:44 AM
In response to flachance

For that you can create a custom application using the URLs it uses

 

New Application.png

 

the_rock
MVP Platinum
MVP Platinum
‎2023-08-30 06:42 AM
In response to flachance

As @Tal_Paz-Fridman said, thats your best bet, for sure. As a matter of fact, I did the same in my lab and few customers and works 100% of the time.

Below is example in my R81.20 lab.

Andy

 

 

 

Screenshot_1.png

Best,
Andy
0 Kudos
flachance
MVP Silver
MVP Silver
‎2023-09-05 07:45 AM
In response to the_rock

hmmm ok. But this feels more like URL filtering. You'd have to know where the app might try to connect to which is not our case unfortunately

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-08-29 11:18 AM

Yes Francis, as @Tal_Paz-Fridman said, you can use app control/urlf for this. I can show you in my R81.20 lab where I have dedicated ordered layer just for this.

Andy

 

Screenshot_1.png

Best,
Andy
0 Kudos
RS_Daniel
Advisor
Advisor
‎2023-09-05 08:17 AM

Hello,

Yes, there is. I think both fw and endpoint can do it, but if you have endpoint much better. You can use Application Control blade and you two options, terminate the app when it starts to run, or terminate the app when it tries to connect to network.

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

On firewall it is also possible, you can use the option provieded before (yes it is more like URL filtering feture). Or you can create a custom signature for specific application.

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

On both cases you must know where  the app might tries to connect (If not, how could the firewall know what it has to block?). If you do not know you can always take some traffic captures and check.

Regards

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events