This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AlanDias
Explorer
‎2022-03-10 06:45 AM

User category with specific services in Application Rules

Hellow, I have a Checkpoint 80.40, and I need to create a rule with specific source IPs, but destination must be URLs (not IPs), with specific services (9091 and 9092).

My idea was create a security police with specific source IPs, destination ANY, services 9091 and 9092. And, in application, I created two rules:

Rule1 - source: IPs mensionaded, destination: Internet object and, in  Service Application Sites, I created a Custon AplicationSites, with my URLs, action: ACCEPT.

Rule2 - source: IPs mensionaded, destination: Internet object, services: 9091 and 9092 and action: DROP.

 

But, I found out  that my  Application Sites uses Custom_Application_Site category, that works only with the services HTTP, HTTPS, HTTP_proxy and HTTPS_proxy. Thats why It doens't match in services 9091 and 9092.

 

What can I do in this case?

 

I tried to create an User Category, but I can't associeted the services 9091 and 9092.

 

 

 

 

Preview file
92 KB
0 Kudos
2 Replies
the_rock
Champion
Champion
‎2022-03-10 08:32 AM

Thats a tricky part...so what happens is this. If you wish to say create custom appsin services, you can do that, but you need url filtering enabled. Rules you created make sense to me. By the way, you can add domain objects in destination.

Screenshot_1.png

Screenshot_2.png

Tobias_Moritz
Advisor
‎2022-03-11 07:20 AM

As far as I know, this are your options:

  1. Edit the list of services (TCP ports), the URL filtering blade is using for the Custom Application/Site objects: SmartConsole: Manage & Settings -> Blades -> Application Control & URL Filtering -> Advanced Settings -> Application Control Web Browsing Services: Add your service objects for ports 9091 and 9092 there. But beware, this is a global setting, not only for a specific gateway or policy.
  2. Create a full featured custom application object using the Signature Tool from sk103051 instead of a simple "Custom Application/Site object" in SmartConsole.