Hi
We have created a custom application/site object to use in the HTTPS inspection bypass rule. It contains trusted domains and services we want to exclude from inspection. Let's call it HTTPS_inspection_bypass. This custom app is only used in the HTTPS inspection policy.
Since there is a lot of traffic to these domains, this custom application is almost always at the top of the TOP applications list in the reports, and the granular visibility per application/site is lost. So, instead of gmail.com, microsoft.com, lync.com etc., we only get HTTPS_inspection_bypass as an application, swallowing all the included domains, making reports somewhat lacking in precision.
I'm quite sure this is by design, but is there a way around that?
Perhaps instead of creating a single object, you create multiple and put them in a group in the rule instead?
I suggest going to the filters and filter this application out.
Select "Application Name" "Not Equals" "<custom_application_name>"
If you have issues with that you can also try to use "Custom Filter"
Hello
It seems I have the same question (https://community.checkpoint.com/t5/Logging-and-Reporting/Show-application-group-members-in-reports/...).
So now I added these filters, but now I do not see any hits from this custom application, right?
Cheers,
David
Hi
Yes, I have the same concern. If you're talking about report filters, then nothing contained in the custom app will show in the report.
@D_W probably described our intentions better in his post: We would prefer to see the group members instead of the groups in the reports.
2022, still this is the default behavior.
Is there a way to enforce logs/reports to ignore the custom application category tag (not the data, just the tag) and try to show the real application in the report/log?
A lot, if not all, of customers are asking for this...