This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Schnell
Explorer
‎2022-06-22 01:59 AM

Application Filter on Internal Traffic for 1570R

Hi,

New here. Working on 1570R and SMB R80.20.30.

We would like to leverage some of this "OT intelligence" in the 1570R for tighter control of the traffic in an OT environment. For that I'm trying to make application filtering work between two hosts, but it looks like the functionality is locked to the "Outgoing access to the Internet" policy. To circumvent that I have tried making one the LAN interfaces an "Internet" interface, and the policy kicks in, but only in the outgoing direction. NAT is disabled.

How to use application filtering on internal traffic in general? Is that not possible?

Would it work with another model?  I'm under the impression that 1570R is currently the only model you can buy that has "OT intelligence" regarding SCADA protocols etc. 

 

Best regards

Schnell

0 Kudos
3 Replies
G_W_Albrecht
Legend
Legend
‎2022-06-22 04:08 AM

sk102296: How to activate inspection on internal traffic on Quantum Spark appliances

CCSE CCTE SMB Specialist
Schnell
Explorer
‎2022-06-22 08:17 AM
In response to G_W_Albrecht

Thank you.

I have changed both to "true", rebooted and done some testing. It seems to be the same as before. I can still only choose applications in "Outgoing access to the Internet" policy, however that policy does not seem to apply for internal traffic. 

In "Firewall" -> "Blade Control" I have tried enabling and editing the "Block other undesired applications". I used every version of Internet Explorer as a test. However when I do a HTTP request in IE on either host it simply just allows the traffic. It uses the "Any Any HTTP Allow" test rule which is currently first on the list in "Incoming, Internal and VPN traffic" policy.

In either case, a black list like "Block other undesired applications" was not the intended solution, we were looking for a white list functionality like it seems to be possible with "Outgoing access to the Internet" policy.

Am I missing something?

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-06-22 05:18 AM

See sk177203: Quantum IoT Controller [IoT Protect] Security Best Practices

CCSE CCTE SMB Specialist