Application Control Cleanup Rules...
Hello!
I've been putting together an Application Control rule for Windows updates and I'm having difficulty understanding the cleanup rules. I have an Application Control inline layer at the bottom of my Security policy (above the drop rule).
If the implicit action for the layer is to drop, and the explicit cleanup rule is to drop, does that drop apply to ALL traffic, or only to traffic that can be affected by the Application Control layer?
I ask this because it appears that when my cleanup rule (to drop) is enabled, the App Control rule does not work. But when I disable the cleanup rule (and hence "unmatched traffic will be dropped and not logged"), things seem to start working.
I'm also worried that these cleanup rules might drop other, non-App-Control-destined traffic and affect how that is currently working.
Cheers!
Mark.
Better to use the App Control rule base to drop unwanted traffic without a cleanup rule. Please read the reference that sk73220 (ATRG: Application Control) gives: "For Application Control optimization, please refer to Section (3-10) in sk98348 - Best Practices - Security Gateway Performance."
Thanks for the pointers!
Hey Mark,
I will share what I did for one customer a couple of years ago. Since they came to CP from a different vendor, they were always used to having an implicit cleanup rule at the bottom of the rule base, so when I showed them the CP best practice from the SK @G_W_Albrecht mentioned to you, they did not feel comfortable doing so, as it advises using a blacklist approach rather than a whitelist. This is because every ordered layer in the CP dashboard has to have traffic accepted, otherwise it won't work... To make a long story short, it means that an any/any allow would technically replace the implicit drop rule for this layer. Now, obviously, for traffic that's dropped on the Access layer, it won't do further checking on another ordered layer.
Now, in your case, here is what I suggest. What the client and I ended up doing was create a section towards the top of the rule base that had 5-6 rules specifically to address URL Filtering/App Control, and it works very well, no issues. Also, since they wanted to use HTTPS Inspection, we created a few rules specifically for that in the HTTPS Inspection policy, so users would receive a blocked page when going to a blocked category.
If you need help with it, message me privately and I would be happy to do remote and show you.
Cheers.
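The matching behaviour described in the reply above (every ordered layer has its own implicit cleanup, so a layer must accept traffic or it drops it; a trailing any/any Accept replaces that implicit drop; an inline layer is only consulted for connections that matched its parent rule, and its cleanup only affects those) is easier to reason about with a small evaluator. The following is an added example, not code from Check Point or from anyone in the thread; the layer names, rule names, objects (lan, dmz, internet) and the three sample connections are constructed for illustration.

```python
"""Toy evaluator for Check Point-style ordered and inline layers.

Added example (not Check Point's code). Rule names, object names and the
sample connections below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional, Union

ANY = "Any"


@dataclass
class Conn:
    src: str
    dst: str
    service: str
    app: Optional[str] = None  # application as identified by App Control


@dataclass
class Layer:
    name: str
    rules: List["Rule"]
    implicit_cleanup: str = "Drop"  # the invisible rule at the bottom of every layer


@dataclass
class Rule:
    name: str
    src: str = ANY
    dst: str = ANY
    service: str = ANY
    app: str = ANY
    action: Union[str, Layer] = "Drop"  # "Accept", "Drop", or an inline Layer

    def matches(self, c: Conn) -> bool:
        wanted = (self.src, self.dst, self.service, self.app)
        got = (c.src, c.dst, c.service, c.app)
        return all(w == ANY or w == g for w, g in zip(wanted, got))


def evaluate_layer(layer: Layer, c: Conn, trace: List[str]) -> str:
    """First matching rule wins. An inline layer is consulted only for
    connections that matched its parent rule, so its implicit cleanup
    applies only to those connections."""
    for r in layer.rules:
        if not r.matches(c):
            continue
        if isinstance(r.action, Layer):
            trace.append(f"{layer.name}/{r.name} -> inline layer {r.action.name}")
            return evaluate_layer(r.action, c, trace)
        trace.append(f"{layer.name}/{r.name} -> {r.action}")
        return r.action
    trace.append(f"{layer.name}/<implicit cleanup> -> {layer.implicit_cleanup}")
    return layer.implicit_cleanup


def evaluate_policy(layers: List[Layer], c: Conn):
    """Ordered layers: every layer must Accept. A Drop in an earlier layer
    ends evaluation, so later layers never see that connection."""
    trace: List[str] = []
    for layer in layers:
        if evaluate_layer(layer, c, trace) != "Accept":
            return "Drop", trace
    return "Accept", trace


# Constructed sample traffic (not taken from the thread).
SAMPLE = {
    "windows_update": Conn("lan", "internet", "https", app="Windows Update"),
    "social_media": Conn("lan", "internet", "https", app="Social Networking"),
    "ssh_to_dmz": Conn("lan", "dmz", "ssh"),
}

NETWORK = Layer("Network", [Rule("LAN out", src="lan", action="Accept")])


def ordered_whitelist() -> List[Layer]:
    """App Control as an ordered layer that accepts only Windows Update.
    Its implicit cleanup drops everything else, including the SSH session."""
    appctl = Layer("AppControl", [Rule("Allow WU", app="Windows Update", action="Accept")])
    return [NETWORK, appctl]


def ordered_blacklist() -> List[Layer]:
    """Drop the unwanted app and end with Any/Any Accept, which replaces
    the layer's implicit drop (the approach the reply above describes)."""
    appctl = Layer("AppControl", [
        Rule("Block social", app="Social Networking", action="Drop"),
        Rule("Any Any Accept", action="Accept"),
    ])
    return [NETWORK, appctl]


def inline_layer() -> List[Layer]:
    """App Control as an inline layer under one HTTPS-to-Internet parent rule;
    traffic that does not match the parent rule never reaches its cleanup."""
    appctl = Layer("AppControl-inline", [Rule("Allow WU", app="Windows Update", action="Accept")])
    net = Layer("Network", [
        Rule("LAN https out", src="lan", dst="internet", service="https", action=appctl),
        Rule("LAN out", src="lan", action="Accept"),
    ])
    return [net]


def verdicts(layers: List[Layer]) -> dict:
    """Final action per sample connection for a given policy."""
    return {name: evaluate_policy(layers, c)[0] for name, c in SAMPLE.items()}


if __name__ == "__main__":
    for label, policy in (("ordered whitelist", ordered_whitelist()),
                          ("ordered blacklist", ordered_blacklist()),
                          ("inline layer", inline_layer())):
        print(f"== {label}")
        for name, c in SAMPLE.items():
            action, trace = evaluate_policy(policy, c)
            print(f"  {name:15} {action:7} {' | '.join(trace)}")
```

Running it prints the per-layer trace for each connection: in the ordered whitelist policy the SSH session is accepted by the Network layer and then dropped by the App Control layer's implicit cleanup, which is the collateral effect the original question worries about; the blacklist variant and the inline-layer variant both let it through while still dropping the unwanted application.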
