This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Simon_Macpherso
Advisor
‎2023-07-09 10:17 PM

Application Layer in Unified Policy

Questions re unified policies

Scenario

A new layer is created and Applications & URL Filtering is the ONLY blade selected. The layer is integrated in to an existing access control policy with only the firewall blade enabled. 

1. Are the access and application layers independent in a unified rule base, in so far as the traffic is not analyzed by the access layer first then proceeds to be analyzed by the application layer (as what occurs when adding an application layer as an additional layer to the access control layer) - and vice versa.

2.So assuming the traffic only needs match on either layer to be processed i.e. the first layer the traffic matches on, if I add the application layer near the top of the unified rule base, the parent rule catches the traffic, it drops down in to the layer to be analyzed by the layer sub-rules, it matches on a sub-rule or clean up rule (that has an implicit cleanup action of Accept), the traffic is accepted with no further rule base matching required. 

I notice the Application & URL Filtering blade does not need to be explicitly enabled on the access layer in the policy general properties. You can still add a separate application layer to the policy and it will work. 

Regards,

Simon 

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-07-10 05:01 AM

If multiple ordered layers are used (regardless of the blades enabled in the different layers), traffic much match an Accept rule in EACH layer to pass.

0 Kudos
Simon_Macpherso
Advisor
‎2023-07-10 04:48 PM
In response to PhoneBoy

The scenario is a single ordered layer with only the firewall blade enabled, with an inline application layer (only application and url filtering blade enabled) integrated. 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-10 11:16 PM
In response to Simon_Macpherso

In that scenario, the App Control layer will only be evaluated if the parent rule (in a Firewall-only layer) is matched.

0 Kudos
the_rock
Legend
Legend
‎2023-07-10 07:43 AM

As phoneboy said, every ordered layer has to accept traffic, otherwise, it wont work. So, below is perfect example. Say, if what I pointed out is action drop instead of accept, NOTHING would work at all.

Andy

 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

 

Screenshot_1.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events