This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KeonNg
Participant
‎2024-06-28 12:41 AM

How to restrict specific rules traffic from Network Policy Layer to inspect by the Next Policy Layer

Hi All,

 

I was wondering is there any way we restrict only http/https traffic from the first layer to move to next policy layer instead of allowing all the accept rules from the first policy layer to go through the next layer policies. The intention we want to separate it out different layer with different blade inspection. 

 

The scenario:

Example Traffic: Internal Users < https (443) > Internet (facebook.com) 

1. Network Layer (Firewall only) = Only for normal network rules

2. URL Filtering Layer (URL Filtering & Application Control Only) = Only for http & https traffic that allow from network layer to this layer to perform URL Filtering Inspection

 

This is because we don't want all traffic that is hit and allow from Network Layer will to go next policy layer if it is not http/https traffic. Because of this, we must create any any allow to the cleanup rule on the second layer policies otherwise even the traffic is accepted by the first layer it will drop at second layer on clean up rule. Therefore, we only just want those http/https traffic affter being allowed from network policy layer will move to next layer to perform URL filtering & Application Control Inspection. 

 

I do select the first layer with firewall blade only and the second policy layer with application & URL filtering blade only but still the second layer policies will be restricted by firewall blade. Please refer to the images.

 

Best Regards

Keon

 

 

 

 

Preview file
246 KB
Preview file
257 KB
Preview file
225 KB
0 Kudos
4 Replies
emmap
Employee
Employee
‎2024-06-28 12:52 AM

There is no mechanism for this in ordered layers. Generally though your Application layer would would be configured as implied accept on it to save you the need for a general cleanup rule. This way you only need to worry about allowing/blocking internet traffic and anything else is silently accepted after being accepted on the Network layer.

Alternatively look at using Inline layers instead of Ordered layers.

0 Kudos
JP_Rex
Collaborator
Collaborator
‎2024-06-28 12:53 AM

Images missing

Regards

Peter

0 Kudos
KeonNg
Participant
‎2024-06-28 01:16 AM
In response to JP_Rex

Hi Peter,

 

You may find the images again on the top. 

 

Best Regards,

Keon

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-28 12:05 PM

To do this with ordered layers, create another ordered layer before your Application layer that only accepts http and https traffic, blocking everything else.
Or use an inline layer to do the same thing with http/https in the top level rule.
Here's an example of what that might look like.

image.png

To create the inline layer:

image.png

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events