This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Schnell
Explorer
‎2022-06-22 01:59 AM

Application Filter on Internal Traffic for 1570R

Hi,

New here. Working on 1570R and SMB R80.20.30.

We would like to leverage some of this "OT intelligence" in the 1570R for tighter control of the traffic in an OT environment. For that I'm trying to make application filtering work between two hosts, but it looks like the functionality is locked to the "Outgoing access to the Internet" policy. To circumvent that I have tried making one the LAN interfaces an "Internet" interface, and the policy kicks in, but only in the outgoing direction. NAT is disabled.

How to use application filtering on internal traffic in general? Is that not possible?

Would it work with another model?  I'm under the impression that 1570R is currently the only model you can buy that has "OT intelligence" regarding SCADA protocols etc. 

 

Best regards

Schnell

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend
‎2022-06-22 04:08 AM

sk102296: How to activate inspection on internal traffic on Quantum Spark appliances

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Schnell
Explorer
‎2022-06-22 08:17 AM
In response to G_W_Albrecht

Thank you.

I have changed both to "true", rebooted and done some testing. It seems to be the same as before. I can still only choose applications in "Outgoing access to the Internet" policy, however that policy does not seem to apply for internal traffic. 

In "Firewall" -> "Blade Control" I have tried enabling and editing the "Block other undesired applications". I used every version of Internet Explorer as a test. However when I do a HTTP request in IE on either host it simply just allows the traffic. It uses the "Any Any HTTP Allow" test rule which is currently first on the list in "Incoming, Internal and VPN traffic" policy.

In either case, a black list like "Block other undesired applications" was not the intended solution, we were looking for a white list functionality like it seems to be possible with "Outgoing access to the Internet" policy.

Am I missing something?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-06-22 05:18 AM

See sk177203: Quantum IoT Controller [IoT Protect] Security Best Practices

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events