This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AlanDias
Explorer
‎2022-03-10 06:45 AM

User category with specific services in Application Rules

Hellow, I have a Checkpoint 80.40, and I need to create a rule with specific source IPs, but destination must be URLs (not IPs), with specific services (9091 and 9092).

My idea was create a security police with specific source IPs, destination ANY, services 9091 and 9092. And, in application, I created two rules:

Rule1 - source: IPs mensionaded, destination: Internet object and, in  Service Application Sites, I created a Custon AplicationSites, with my URLs, action: ACCEPT.

Rule2 - source: IPs mensionaded, destination: Internet object, services: 9091 and 9092 and action: DROP.

 

But, I found out  that my  Application Sites uses Custom_Application_Site category, that works only with the services HTTP, HTTPS, HTTP_proxy and HTTPS_proxy. Thats why It doens't match in services 9091 and 9092.

 

What can I do in this case?

 

I tried to create an User Category, but I can't associeted the services 9091 and 9092.

 

 

 

 

Preview file
92 KB
0 Kudos
7 Replies
the_rock
Legend
Legend
‎2022-03-10 08:32 AM

Thats a tricky part...so what happens is this. If you wish to say create custom appsin services, you can do that, but you need url filtering enabled. Rules you created make sense to me. By the way, you can add domain objects in destination.

Screenshot_1.png

Screenshot_2.png

Tobias_Moritz
Advisor
‎2022-03-11 07:20 AM

As far as I know, this are your options:

  1. Edit the list of services (TCP ports), the URL filtering blade is using for the Custom Application/Site objects: SmartConsole: Manage & Settings -> Blades -> Application Control & URL Filtering -> Advanced Settings -> Application Control Web Browsing Services: Add your service objects for ports 9091 and 9092 there. But beware, this is a global setting, not only for a specific gateway or policy.
  2. Create a full featured custom application object using the Signature Tool from sk103051 instead of a simple "Custom Application/Site object" in SmartConsole.

 

sloddo
Explorer
‎2023-11-17 11:33 AM
In response to Tobias_Moritz

Is this ever going to be implemented to be able to match on specific non-standard ports for custom applications?

I've seen many posts about this going back to 'it's planned to be included in R80.20' but we still don't have this functionality in 2023.

0 Kudos
the_rock
Legend
Legend
‎2023-11-17 12:35 PM
In response to sloddo

I had people ask me the same question before, but I dont see any concrete plans to implement it, but would be nice.

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-11-17 12:37 PM
In response to sloddo

Wait, is this what you meant? if so, its possible to customize it.

Andy

 

Screenshot_1.png

0 Kudos
sloddo
Explorer
‎2023-11-17 12:45 PM
In response to the_rock

Not for the built-in Applications, for custom (user created) Applications (without having to use the Signature creation tool).

0 Kudos
the_rock
Legend
Legend
‎2023-11-17 12:49 PM
In response to sloddo

Correct, thats not possible as of yet, sorry for misunderstanding.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events