Piet_vd_Maas
Contributor

HCP - Threat Prevention Protections impact

Hi All,

When I look at my HCP report under Threat Prevention > Protections > Protections Impact, I see a lot of 'Applications' instead of IPS.

The applications that are in the report aren't configured in any rule. Is there a way to fine-tune this?

SmartConsole Extensions Threat Prevention 

CCSE - CCVS
0 Kudos
16 Replies
Tal_Paz-Fridman
Employee

Adding @Andy_Yelnik 

0 Kudos
Timothy_Hall
Champion

If you have an APCL/URLF rule with Service & Application set to "Any" also with Detailed Logging set (such as the cleanup rule), overhead will be expended identifying & logging these applications which is what you are seeing in hcp.  You can set Track for these rules to just "Log" but the specific applications matching this rule will no longer be detected and logged.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Piet_vd_Maas
Contributor

Hi Timothy,

The only rules that these applications can hit are the 'Cleanup Rules' with action Drop and track Log.

We have 1 other rule to block traffic to the internet with action Reject but only track Log.

CCSE - CCVS
0 Kudos
Piet_vd_Maas
Contributor

Is there a way to find the rule(s) that is/are responsible for this traffic?

CCSE - CCVS
0 Kudos
the_rock
Legend

I also saw that in the web version of HCP for R81.20, but did not pay much attention to it.

Andy

0 Kudos
CheckPointerXL
Advisor

Which URL do I use to consult the web version of the HCP result?

Thanks

0 Kudos
rrbranco
Contributor

Check here.

/var/log/hcp/last/...*.tgz

Download the file and open it with a browser after extracting the .tgz contents.

[ ]´s

0 Kudos
CheckPointerXL
Advisor

Yes, I know.

I mean, I remember something like https://fw-ip/hcp ... but it doesn't work.

I dunno why it is not documented in the official SK.

0 Kudos
Lesley
Advisor

It is documented in jumbo takes:

PRJ-42453,
PMTR-77024

HCP

NEW: HCP report is now available in WebUI. To access it, use the link: https://<Security Gateway IP address>/hcp.

-------
If you like this post please give a thumbs up(kudo)! 🙂
(1)
Timothy_Hall
Champion

You have the correct URL, but that web-based functionality is only supported for later R81.10 Jumbo HFAs and R81.20+.  Here is the relevant page from my Gateway Performance Optimization Course mentioning this:

hcpweb.png

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
(1)
CheckPointerXL
Advisor

I'm on R81.20, it isn't working... Maybe the problem is related to the Web portal on port 443...

Anyway, I think it is something to be added in the official SK https://support.checkpoint.com/results/sk/sk171436

Thank you all

0 Kudos
the_rock
Legend

Trust me, it works, I tested it on R81.20 many times...message me, I can show you via remote if needed.

Andy

the_rock
Legend

Technically, like any "sub" domain if you will (for the lack of better term), would go like that, you need custom web UI port for it to work...so https://w.z.y.z:customport/hcp, so in my case it was https://172.16.10.249:4434/hcp

I also ran it on an Azure fw lab, but the page is sort of "scrambled", but it could be since it's a cloud fw; on prem works 100% of the time.

Best,

Andy

0 Kudos
the_rock
Legend

Never mind, got it...just did not wait long enough lol

Best,

Andy

Screenshot_1.png

0 Kudos
the_rock
Legend

It definitely works, I tested it in the lab many times. Make sure to add the custom port for the web UI if it exists,

i.e. https://x.x.x.x:4434/hcp

Andy

0 Kudos
the_rock
Legend

I just ran it, below is my example. It's simply the web FQDN; you add hcp on "top" of the web UI.

Andy

Screenshot_1.png

0 Kudos
(1)
