Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PhongNN
Contributor
Jump to solution

SecureXL and Application Control Layer

Hi experts

I have a question about SecureXL

There is a policy package with 2 Layer: Network ( only Firewall enabled ) and App ( only App&URL enabled )

For accessing to the Internet, I have a rule in Layer network like this:

Src: x.x.x.x  Dst:Any  service: http,https

I must create the same rule in layer App, because we set action DROP on cleanup rule:

Src: x.x.x.x  Dst:Any  service: http,https

So is the traffic accelerating ?

Thank you

Regards

1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion

Hi @PhongNN,

In principle the connection is processed by SecureXL if it is SecureXL compliant.

If the connection must be checked for content, the PSLXL path (old name PXL) is used. Otherwise the acceleration path is used.

From R80.20 on there are differences in the processing compared to R80.10. The picture shows you the processing in the FW.

sxl.JPG

More read here:
R80.x - Security Gateway Architecture (Logical Packet Flow)

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

2 Replies
HeikoAnkenbrand
Champion Champion
Champion

Hi @PhongNN,

In principle the connection is processed by SecureXL if it is SecureXL compliant.

If the connection must be checked for content, the PSLXL path (old name PXL) is used. Otherwise the acceleration path is used.

From R80.20 on there are differences in the processing compared to R80.10. The picture shows you the processing in the FW.

sxl.JPG

More read here:
R80.x - Security Gateway Architecture (Logical Packet Flow)

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
PhongNN
Contributor

Hi Heiko

Thank you so much for your reply

But i have a question

With layer App ( only App&Url enabled ), in Services & Applications column, only have https and http.

It means FW will not inspection content,right ? 

If i enable both App&URL and FW for layer App, so FW will inspect when S&A column have any one Application, and won't inspect when there are any services ( like https,http, ssh )

sorry for my poor english
Thank you so much
Regards
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events