This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
User1234
Contributor
‎2022-01-24 03:08 AM

Enable Protocol Signature by default

Jump to solution
Hi! (I hope this is the correct board) Concerning Firewalling (Mgmt/GW) I want to enable protocol signatures (AppCtrl) in all services by default, without the need to manually override each service and check the box in the advanced section. Is this possible at all? #Quantum
0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion
‎2022-01-24 09:25 AM
In response to User1234

Jump to solution

Doesn't seem to be possible from what I can tell, I poked around in the GUIdbedit objects_5_0.C settings and the $FWDIR/lib/*.def files and didn't see any kind of property setting that controls this behavior.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

7 Replies
_Val_
Admin
Admin
‎2022-01-24 03:13 AM

Jump to solution

Can you elaborate please? What are you trying to achieve?

0 Kudos
User1234
Contributor
‎2022-01-24 03:28 AM
In response to _Val_

Jump to solution

I am trying to enable AppCtrl on our GWs. This is done by activating the blade activating the protocol signature in the respective services, that are used in the access layer. Unfortunately the protocol signature check is disabled by default in any service and must be activated manually. I want to activate it by default, so any service has the box check automatically.

Preview file
21 KB
Preview file
60 KB
0 Kudos
_Val_
Admin
Admin
‎2022-01-24 04:30 AM
In response to User1234

Jump to solution

I think you misunderstand what Application Control is, and how it is intended to work.

There are services, and there are applications. You can use both in the rulebase. Maybe start with sk112249 and Admin manuals.

0 Kudos
Timothy_Hall
Champion
Champion
‎2022-01-24 07:22 AM

Jump to solution

The R80+ Protocol Signature & Protocol settings on the service objects are the source of a lot of confusion but as Val said is mostly separate from Application Control.  Understanding the ramifications of enabling the Protocol Signature setting beforehand is highly advisable.  This seems to be one area that does not have a lot of documentation, so I took my best shot at trying to explain it in my unpublished "APCL/URLF Immersion" class for a private customer.  Whether I did a good job or not is left as an exercise for the reader, see below.  😀

proto1.pngproto2.pngproto3.pngproto4.jpgproto5.pngproto6.png

 

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
User1234
Contributor
‎2022-01-24 07:32 AM
In response to Timothy_Hall

Jump to solution

Thanks for the explanation. So is there a way to enable the protocol signature check by default on any supporting protocols/services/whatever-you-may-name-them?

0 Kudos
Timothy_Hall
Champion
Champion
‎2022-01-24 09:25 AM
In response to User1234

Jump to solution

Doesn't seem to be possible from what I can tell, I poked around in the GUIdbedit objects_5_0.C settings and the $FWDIR/lib/*.def files and didn't see any kind of property setting that controls this behavior.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
_Val_
Admin
Admin
‎2022-01-24 09:54 AM
In response to User1234

Jump to solution

Not all services are having those signatures in the first place.