Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
constant69
Contributor
Jump to solution

Monitor the application usage for our users

Hello Team,

 

We are trying to monitor the application usage for your users.

HTTPS Inspection is enabled.

I have attached a afileand you can see from the screenshot provided, that some applications that we have in the rule explicitly work correctly, but something like Facebook, does not.

From what we have observed, we need to explicitly place the application in the application section. Since Facebook was not, but Evernote was, Evernote was logged in, but not Facebook.

 

I hope I can find somebody here to confirm that.

 

Regards

0 Kudos
1 Solution

Accepted Solutions
constant69
Contributor

The solution consist to select "Detailed Log" in the field Track

image.png

View solution in original post

0 Kudos
13 Replies
G_W_Albrecht
Legend Legend
Legend

screenshots are much too small to be able to see anything, and i do not understand your question !

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
constant69
Contributor

image.png

I have attached a screenshot of the both rules.

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

But what is your question ? This rule does not make sense to me, as you allow something, and in next rule, allow all ?

I can see neither evernote nor faceboog here...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
constant69
Contributor

We are trying to monitor the application usage for your users and my intention was to create only one rule (the second in the picture) and I have created both rule for the following test

- If we gain access to “evernote” or “gmail”, the rule 1 of layer “Application” log correctly field “Application Control”
- If we gain access to another “Application Control” (Like Facebook), the rule 2 of layer “Application” does not log the field “Application Control”.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Look into https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_NexGenSecurityGateway_Guide/... on how to do this! As long as no services and applications are added to the column, rule will not match, also see sk73220 ATRG: Application Control for details of matching.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
constant69
Contributor

I'm going to read sk73220 ATRG again, maybe I forgot something.

Precision: the rule 2 match for others applications (Those not specified in the rule 1), but the logs related to this rule 2  haven't got the information related to "Application Control"

0 Kudos
G_W_Albrecht
Legend Legend
Legend

You can ask TAC and let them explain it to you 😎

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

Set the Track for Rule 2 to be Detailed Log as otherwise it is not necessary for App Control to be active for this rule to be enforced otherwise.

constant69
Contributor

I have tried set the track for rule 2 to be Detailed Log and the result is the same: this rule match but I still haven't got the information related to "Application Control"

0 Kudos
Martin_Raska
Advisor
Advisor

are you look at logs with blade: Application Control?

0 Kudos
constant69
Contributor

Yes!

0 Kudos
Martin_Raska
Advisor
Advisor

Show us the rules you are trying to hit and the exact log you are actually hitting.

0 Kudos
constant69
Contributor

The solution consist to select "Detailed Log" in the field Track

image.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events