This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mian
Participant
‎2020-02-24 11:26 AM

Application Control Migration

Is there any Check Point tool or document that goes over the process of migrating L3/L4 based rules into Application based rules i.e. to get away from simple port numbers ?  Are there any recommended process or best practices ?  

Thanks

Mian

0 Kudos
2 Replies
Mian
Participant
‎2020-02-24 11:31 AM

My question is related to CP Security Gateways i.e. converting port based rules in the CP to application based rules in the CP. 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-02-24 12:55 PM

To be clear, you should never get away from port numbers even as you adopt application-based rules.
Something I wrote a while ago that's still mostly relevant:
https://phoneboy.org/2016/12/14/which-comes-first-the-ports-or-the-application-id/

Even if you were just using firewall only, some of the services you're already using are basically application-based rules.
This was the case well before R80.
That said, Application Control supports a wider range of applications than we supported in the past.
If you've never used our Application Control before and want to start using it, the easiest way is to just enable it with your existing rulebase in place.
To ensure Application Control fully "sees" the traffic, set your rules to log as "Detailed" or "Extended" (if you want all the URLs people access).

Note: if you only have Firewall/VPN enabled currently, exercise some caution here as this will have a performance impact.
If you have IPS or other Threat Prevention blades, App Control won't add too much additional performance impact.

Based on what you see in the logs, you can add some additional rules to block traffic.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events