Scottc98 (Advisor)

Update application object with additional service ports - Best practice ?

Hello CheckMates!

Got a question around what the best practice is to get a current application object updated with missing service objects. I've searched around and can't seem to find a direct answer/path; looking for some guidance.

I've read through these two SKs and they seem to be more around custom apps that are either not defined by Check Point or may need some signature 'tweaks' to the existing ones. (https://support.checkpoint.com/results/sk/sk103051)

This 'best practice' SK doesn't seem to meet the case either (https://support.checkpoint.com/results/sk/sk165094).

Problem

  • The application I am trying to update is for SAP. I have noticed that only a select few of the ports are being captured with this application, and that its only non-web-browsing ports defined are TCP 3200 and TCP 3370.
  • Other "SAP" applications within the management DB don't seem to capture all of them either, and I also have questions on the signatures used.
    • An example is "SAP NetWeaver", which has TCP 3600-3699 & TCP 3900-3999 defined.
    • Another example is "SNC for SAP NetWeaver", which lists only TCP 3200, but I see it matching higher TCP 32XX ports in logs?
  • From working with some SAP application teams, it looks like there are ranges of TCP 3200-3299, TCP 3300-3399 & TCP 3600-3699 used for some S4/HANA and integration connections.
    • These are not matching any existing "SAP" apps in the Check Point DB.
  • When I compare the "SAP" application with other competitors', I do see additional ports defined in their applications.

Questions:

1) Is there a place for Check Point to update their application database, or to request an update? Common applications like SAP would seem to be a use case; trying to see if there is something more than 'open a TAC case' or 'contact your account team' 🙂

2) If I have no issues with the current signatures but just the service ports, is the 'best practice' to clone the existing application and customize the application from there?

3) If I want to check for application 'hits' after making a modification, do I need to place it explicitly in a rule, or do I just need to install policy on the box so the application database updates? Referring to a log where I have 'extended' and/or 'detailed' set, to see what application it would match.

4) The "SNC for SAP NetWeaver" application states it is only TCP 3200, but I see it hitting multiple ports (3214, 3215, 3216, etc.). How is this matching the application if the service port range is not defined? I looked at it from a GuiDBedit perspective but couldn't find any service ports for any application. Is there another spot I would have to look so I can understand the accuracy of the service ports for each application?

Accepted Solutions
PhoneBoy (Admin)

1. For customers, requests should be made through your local Check Point office.

2. You would have to clone the application definition to change its ports.

3. To ensure a match, you'd want to ensure the service is used in the rulebase.

4. Not 100% certain on this and would recommend a TAC case for further investigation.


2 Replies
Lesley (Leader)

Just an out-of-the-box idea: maybe an updatable object for SAP will help?

https://support.checkpoint.com/results/sk/sk131852

-------
If you like this post please give a thumbs up(kudo)! 🙂