This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BigPAM
Explorer
‎2019-10-22 04:52 AM

Compliance vs AlgoSec

Is it unfair of me to compare the Compliance with a policy audit tool such as AlgoSec Firewall Analyser? I am trying to create custom rules to find specific flows (i.e.traffic that originates on our internal network that goes to the internet bypassing the proxy). Compliance blade seems to be object based rather than breaking down the policy into base metadata as some of the well firewall audit tools do. I cant seem to get the above example to work  (because Compliance blade seems to be looking for specific objects ???).

Are there an sources of Compliance Blade documentation other than the videos or the R80.1 ARTG? They don't seem to go deep enough for me to figure this out for myself.

Thanks.

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2019-10-24 09:57 AM

Compliance Blade is looking at "best practices" as dictated by either specific regulatory requirements you choose or ones you define yourself.
It seems like you should be able to define an object that encompasses your internal network, no?
I believe that's required for custom rules to work.

If you can be more specific about exactly how you tried to define this custom rule, perhaps we can provide a suggestion.
0 Kudos
BigPAM
Explorer
‎2019-11-07 12:42 AM
In response to PhoneBoy

Hi - so my latest attempt is this. I am trying to create a custom rule that reports on rules that allow access from the internal LAN to the internet without going via the proxy. I have created group objects that contain our internal network objects and one that contains all of our DMZ network objects. The report on this rule shows no rules found (and there should be many!). I can get results for simple things like finding 'Any' in source/destination but nothing more ambitious. Any help would be appreciated.

Compliance Blade rule ...

Relevant Blade - FW

Best Practice Rule definition

  • Hit Count - not defined
  • Name - not defined
  • Source - Group object containing all internal network objects
  • Destination - NEGATE Group object containing all DMZ network objects
  • VPN - not defined
  • Service - not defined
  • Action - accept
  • Track- not defined
  • Install On - not defined
  • Time - not defined
  • Comment - not defined

Best Practice scoring

  • Violation definition - Rule found
  • Tolerance - 0
  • Rule Index Display Criteria - Secure, Display rules that match  Poor, Display rules that match

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events