Morten_Pederse1
Explorer

Is it possible to create OS based rules in 80.10 or 80.20?

Can you create OS based rules in 80.10 or 80.20? For example, create a rule that denies internet access for all Windows 2003 and Windows XP machines? I would prefer to be able to create a rule based on operating system instead of using IPs or hostnames.

7 Replies
Gomboragchaa
Advisor

I don't think so. Check Point cannot detect the host machine's operating system and version. Even if it could detect the OS, CP has no feature for OS based policy.

_Val_
Admin

If those are managed machines, and they are listed in particular groups on your AD (grouping by OS flavor, for example), you can use specific access roles and IA to build up your rules.

Morten_Pederse1
Explorer

Yes it is managed machines. All in our AD.

What do you mean by IA? As I said, I would prefer not to have to join those machines to an AD group, but instead create something that automatically blocks internet access for a specific operating system. But I am open to hearing what options I have for the best available solution on Check Point :)

_Val_
Admin

IA - Identity Awareness. 

PhoneBoy
Admin

You might be able to do an Automation Reaction on SmartEvent when IPS detects Windows XP (which is disabled by default as an IPS Protection).

But I'm with Valeri, I'd do this with Identity Awareness where you define a group of your "older" machines in Active Directory.

Hugo_vd_Kooij
Advisor

That is assuming the machines are part of a domain. And a domain that is actually connected to the firewall.

I have seen mission critical obsolete hardware/software combinations that no one dared to touch, but they are usually not part of a domain and never were. So it only works if you identify the OS somehow.

Time for P0f blade I guess 😉

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Dor_Marcovitch
Advisor

If you have any NAC solution such as Portnox, Forescout or ISE, they can identify the OS and patch levels and perform an API call to the IA blade to give them special tags.

What ways can you distinguish between those clients?
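The two previous replies describe the same pipeline from different ends: something that identifies the OS (a NAC inventory, or a passive fingerprinter such as p0f) and an API call that hands the Identity Awareness blade a tag the rulebase can match. The script below is an added example, not code from this thread or from Check Point: it takes a constructed inventory export, picks out the Windows XP and Server 2003 hosts from the original question, and builds Identity Web API `add-identity` request bodies that assign each one a machine identity carrying a role such as `Legacy_OS`. An Access Role object matching that role can then sit in the deny rule. The endpoint path, the JSON field names, the role name, the shared secret and the gateway address are assumptions taken from the Identity Awareness admin guide and placeholders, and the actual HTTP send is only reached when you call it yourself.

```python
"""
Tag legacy-OS hosts for a Check Point Identity Awareness access role.

Flow: inventory export (constructed sample below, could equally come from a
NAC or a p0f log) -> select hosts whose OS is Windows XP / Server 2003 ->
build Identity Web API "add-identity" payloads giving each host a machine
identity with the role "Legacy_OS", which an Access Role object in the
rulebase can then match.

Assumptions (not from the thread): the Identity Web API is enabled on the
gateway, the path /_IA_API/v1.0/add-identity and the field names below
follow the Identity Awareness admin guide, and the shared secret, role
name and gateway address are placeholders to replace.
"""
import json
import re
import ssl
import urllib.request

# Constructed sample of what a NAC export might hand us.
SAMPLE_INVENTORY = [
    {"ip": "10.10.1.15", "hostname": "legacy-hmi01", "os": "Windows XP Professional SP3"},
    {"ip": "10.10.1.16", "hostname": "oldsql01", "os": "Microsoft Windows Server 2003 R2"},
    {"ip": "10.10.2.40", "hostname": "ws-2201", "os": "Windows 10 Enterprise 22H2"},
    {"ip": "10.10.2.41", "hostname": "app-srv-07", "os": "Windows Server 2019"},
    {"ip": "10.10.3.5", "hostname": "scanner", "os": None},  # OS unknown: never tag on a guess
]

# The operating systems the original question wants to block.
LEGACY_OS_PATTERNS = [
    re.compile(r"\bwindows\s+xp\b", re.I),
    re.compile(r"\bwindows\s+server\s+2003\b", re.I),
]


def is_legacy_os(os_name):
    """True if the inventory OS string matches a blocked OS family; unknown OS is False."""
    if not os_name:
        return False
    return any(p.search(os_name) for p in LEGACY_OS_PATTERNS)


def build_add_identity(host, shared_secret, role="Legacy_OS", session_timeout=3600):
    """One add-identity request body: a machine identity for this IP with the given role.
    session-timeout makes the tag expire, so a reimaged host is not blocked forever."""
    return {
        "shared-secret": shared_secret,      # placeholder, set on the gateway's IA Web API
        "ip-address": host["ip"],
        "machine": host["hostname"],
        "roles": [role],
        "session-timeout": session_timeout,
    }


def plan_identities(inventory, shared_secret, role="Legacy_OS"):
    """Return add-identity payloads for every legacy-OS host in the inventory."""
    return [build_add_identity(h, shared_secret, role)
            for h in inventory if is_legacy_os(h.get("os"))]


def push_identity(gateway, payload, ca_bundle=None):
    """POST one payload to the gateway (hypothetical address; not exercised offline).
    Pass the CA bundle that signed the gateway certificate instead of disabling verification."""
    url = f"https://{gateway}/_IA_API/v1.0/add-identity"
    ctx = ssl.create_default_context(cafile=ca_bundle)
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Dry run: show what would be sent. Replace "change-me" with the real shared secret
    # and call push_identity("gw.example.net", payload, "gw-ca.pem") to actually tag hosts.
    for payload in plan_identities(SAMPLE_INVENTORY, "change-me"):
        print(json.dumps(payload))
```

Running it as-is prints two payloads, one each for the XP and the 2003 host; the Windows 10, 2019 and unknown-OS entries are left untouched. Whatever feeds the inventory (NAC, p0f, a CMDB) should run on a schedule shorter than `session-timeout`, so the tag is refreshed while the host is still seen and drops off once it is gone.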
