- Local User Groups
I am Dr. Dorit Dor
Ask Me Anything
Check Point for Beginners
Welcome to the
Working From Home
Review Check Point,
Win Apple AirPods!
You're Using It Wrong
Hello, engineers, I would like to know the workflow difference between creating domain and Custom Applications/Sites to create urls
For example, I want to visit ".checkpoint.com" to use the Domain for configuration or the Custom Applications/Sites creation URL？
In very simple terms, a Domain Object attempts to make an association between a DNS name and an IP address.
You can use a Domain Object in the rulebase similar to a host object that represents a single IP address.
As such, it can be used in a pure firewall rulebase without App Control or other advanced blades as it doesn't require any Layer 7 inspection.
The (reverse) DNS resolution effectively happens "out of band."
This approach has a couple limitations:
An Application/Site is effectively an App Control signature that operates at Layer 7.
It's a fairly simplistic App Control signature that identifies that traffic is:
If the traffic is not web-based and/or App Control can't determine it's destined for one of the domains listed, then it will not match the traffic.
There are reasons that both approaches are available.
You have to use the one that is appropriate for the problem you're trying to solve.
The more information you can provide about your environment and precisely what your goal is, the more likely we can tell you what approach will work best.
Hey Daemon, I should have asked you this one 20 years ago. I kept meaning to test it to see how it operated, but it was never important enough to spend the time on.... I mean, who actually USES domain objects? I have some follow up questions for clarity if I may...
Thanks! Hope you're well 🙂