This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
madne_55
Participant
‎2024-12-13 03:17 AM
Jump to solution

Native application - iOS application that should talk to server

Her commes the long shot!

FW info:

HA Cluster:

2x1590 appliances

Version: R81.10.10 (2993)

I' trying to make object: I GUESS native application that should enable iOS application on Ipad/Iphone to talk to one of clients servers.

Developer of CROSSPAD application provided med with information in form of:

- application name

- IFS STI path

-URL:

*query manager information

*webservice information

*RPA service information

and

*Service Monitor Console

all URLs are HTTP URLs

 

I still not sure what to go for here. Anyone have a valid solution to present me with?

I appreciate every help I can get.

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-12-17 01:52 AM
Jump to solution

I do not see much of a problem - you want to connect from one internal net to another, so all depends on the inspection and routing settings. First step is to try communication and note the log entries, you will see what has to be configured on the way !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2024-12-13 07:29 AM
Jump to solution

Are these SMB gateways locally managed or centrally managed through Smart-1 (Cloud)?
What's the topology here?
Specifically, where is the iOS device, the server, and the SMB gateways relative to each other?
Is this over a VPN or just out to the Internet?

If these URLs are HTTPS URLs, if you need to be more granular than the host portion of the URL, you will need HTTPS Inspection.

The more information you can give us, the more likely we will be able to assist you.

0 Kudos
madne_55
Participant
‎2024-12-15 11:05 PM
In response to PhoneBoy
Jump to solution

SMB Gateways are centrally managed.

IOS device is in production network and should talk to server on server network, all managed by cluster (LAN1.A network and LAN2.B network, we can call it like that).

There is no need for VPN.

Question still stands, what type application or form of communitaction/rule should I implement here.

No need for VPN.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-12-16 08:21 AM
In response to madne_55
Jump to solution

Both the client and server are on protected segments of the gateway, correct?
Without knowing the exactly details provided and the specific security requirements, it's difficult to provide specific advice.
However, you have two basic options: by port or by URL.

To allow access to a "URL," in general, involves a Custom Application/Site object, which are inspected on the standard HTTP/HTTPS ports plus the proxy port (8080) by default (ports can be added to this).
If the URLs are not HTTP specifically (i.e. they are HTTPS), then for those URLs to be properly inspected, you also need to use HTTPS Inspection.
This requires deploying a trusted CA certificate on the relevant endpoints, which is a bit of a cumbersome process on iOS devices without some sort of Mobile Device Management solution. 
If the application uses Certificate Pinning and/or requires mutual TLS authentication, HTTPS Inspection will not work.

If you cannot or don't wish to use HTTPS Inspection, then you open the relevant TCP/UDP ports for the application.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-12-17 01:52 AM
Jump to solution

I do not see much of a problem - you want to connect from one internal net to another, so all depends on the inspection and routing settings. First step is to try communication and note the log entries, you will see what has to be configured on the way !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
madne_55
Participant
‎2025-01-02 11:32 PM
In response to G_W_Albrecht
Jump to solution

Yes,

I see that I overcomplicated the case here. I have already set policy rules that clearly state that traffic is allowed from network to network via a specific TCP port.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events