This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
fatalXerror
Contributor
‎2019-01-10 05:01 AM

App & URL Filtering Behavior

Hi Guys,

I deployed a CP firewall running R80.10 and I am using App & URL Filtering however, I noticed an abnormal behavior.

For example, I have a policy for Symantec Updates so my policy looks like the following below,

Source: Internal Subnet

Destination: Any

Service & Application: Symantec-Updates

Action: Permit

When I check the logs for the particular rule, I noticed some traffic which supposed to be not there like going to other site not related to Symantec.

I would like to know why is like that, is that normal or my rule is not correct?

Thanks

Reply
4 Replies
PhoneBoy
Admin
Admin
‎2019-01-12 01:07 PM

First, I'd set the destination to "Internet" as opposed to any (unless some of the traffic is destined internally).

It also could be a false positive, in which case the TAC will need to investigate.

0 Kudos
Reply
fatalXerror
Contributor
‎2019-01-13 10:24 PM
In response to PhoneBoy

Hi Dameon Welch-Abernathy‌, 

thanks for the feedback. Technically, "Internet" and "Any" should be the same right?

0 Kudos
Reply
HristoGrigorov
Mentor
Mentor
‎2019-01-13 10:29 PM
In response to fatalXerror

I find this thread especially educating on what is Internet when it comes to firewalls:

https://community.checkpoint.com/thread/6099-properly-defining-the-internet-within-a-security-policy 

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-01-14 05:36 AM
In response to fatalXerror

Any literally means anything, including the Internet.

Internet does not include your internal networks.

0 Kudos
Reply