Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
fatalXerror
Contributor

App & URL Filtering Behavior

Hi Guys,

I deployed a CP firewall running R80.10 and I am using App & URL Filtering however, I noticed an abnormal behavior.

For example, I have a policy for Symantec Updates so my policy looks like the following below,

Source: Internal Subnet

Destination: Any

Service & Application: Symantec-Updates

Action: Permit

When I check the logs for the particular rule, I noticed some traffic which supposed to be not there like going to other site not related to Symantec.

I would like to know why is like that, is that normal or my rule is not correct?

Thanks

4 Replies
PhoneBoy
Admin
Admin

First, I'd set the destination to "Internet" as opposed to any (unless some of the traffic is destined internally).

It also could be a false positive, in which case the TAC will need to investigate.

0 Kudos
fatalXerror
Contributor

Hi Dameon Welch-Abernathy‌, 

thanks for the feedback. Technically, "Internet" and "Any" should be the same right?

0 Kudos

I find this thread especially educating on what is Internet when it comes to firewalls:

https://community.checkpoint.com/thread/6099-properly-defining-the-internet-within-a-security-policy 

0 Kudos
PhoneBoy
Admin
Admin

Any literally means anything, including the Internet.

Internet does not include your internal networks.

0 Kudos