breadwinner
Explorer

Application layer showing "Missing cleanup rule - Unmatched traffic will be accepted and not logged"

A VSX-based R81.20 security gateway has an Application layer with a couple of rules. There is no 'Any' to 'Any' drop rule like the last rule in the Security layer. At the bottom of the Application layer, it shows "Missing cleanup rule - Unmatched traffic will be accepted and not logged". Please refer to the attachment.

Since the statement reads that there will be "no logging" for the allowed unmatched traffic, I am a bit concerned.

Is it advisable to add an 'Any' to 'Any' drop rule at the bottom of the Application layer OR is there a different way to deal with it?

2 Replies
_Val_
Admin

It really depends on your needs. I don't believe you need all discovered applications to be logged. However, it is a good practice to include an explicit Application Layer cleanup rule for visibility. It can be the "No Logs" rule if that is what you want.

the_rock
MVP Platinum

See if this doc I made a while ago helps. The gist of it is really this... traffic has to be accepted on every ORDERED layer; otherwise, it won't work. So, it's totally normal if that layer is last to have an any any accept; otherwise, if it's an any any drop, nothing will work. OK, let me rephrase that: it would work, but you would need to allow literally exactly the same things as on the network layer.

Plus, when it comes to the app layer, CP also recommended a blacklist rather than a whitelist approach.

Best,
Andy
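The two replies describe ordered-layer semantics in words: a connection has to be accepted by every ordered layer, an Application layer with no cleanup rule silently accepts whatever it does not match, and an Any/Any drop cleanup there would force the admin to re-allow everything already permitted on the Network layer. The toy model below is an added illustration for this thread, not Check Point's own code or a reproduction of its rulebase engine: the layer names, rule names, the two sample connections and the three cleanup-rule variants are all constructed here. It evaluates the same connection against each cleanup variant so the difference in final action and in per-layer logging can be seen directly.

```python
"""Toy model of Check Point-style ordered policy layers.

Added illustration for this thread, not Check Point code: layer and rule names,
the two sample connections and the rule sets are all constructed here. It shows
why an Application layer without a cleanup rule accepts unmatched traffic
without logging, and what each kind of explicit cleanup rule changes.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    name: str
    action: str                                 # "Accept" or "Drop"
    match: dict = field(default_factory=dict)   # field -> value; absent field == Any
    log: bool = True


@dataclass
class Layer:
    name: str
    rules: list
    cleanup: Optional[Rule] = None              # explicit cleanup rule, if any


def rule_matches(rule: Rule, conn: dict) -> bool:
    return all(conn.get(k) == v for k, v in rule.match.items())


def evaluate_layer(layer: Layer, conn: dict):
    """First matching rule wins. With no explicit cleanup rule, unmatched
    traffic is accepted and NOT logged (the SmartConsole warning in the post)."""
    candidates = layer.rules + ([layer.cleanup] if layer.cleanup else [])
    for rule in candidates:
        if rule_matches(rule, conn):
            return rule.action, rule.log, rule.name
    return "Accept", False, "<implicit cleanup: accept, no log>"


def evaluate_policy(layers, conn: dict) -> dict:
    """Ordered layers: a connection must be accepted by every layer in turn;
    the first Drop is final. The trail records (layer, rule, action, logged)."""
    trail = []
    for layer in layers:
        action, logged, rule = evaluate_layer(layer, conn)
        trail.append((layer.name, rule, action, logged))
        if action == "Drop":
            return {"action": "Drop", "trail": trail}
    return {"action": "Accept", "trail": trail}


# Constructed cleanup-rule variants an admin might add to the Application layer.
CLEANUP_ACCEPT_LOG = Rule("App cleanup", "Accept", log=True)     # visibility
CLEANUP_ACCEPT_NOLOG = Rule("App cleanup", "Accept", log=False)  # the "No Logs" rule
CLEANUP_DROP = Rule("App cleanup", "Drop", log=True)             # whitelist style


def build_policy(app_cleanup: Optional[Rule]):
    """Network layer ends in the usual Any/Any drop; the Application layer
    blocks one category and ends in whatever cleanup rule is supplied."""
    network = Layer("Network", [
        Rule("Allow outbound web", "Accept",
             {"src": "Internal_Net", "service": "https"}),
    ], cleanup=Rule("Cleanup", "Drop"))
    application = Layer("Application", [
        Rule("Block streaming", "Drop", {"app": "Streaming_Media"}),
    ], cleanup=app_cleanup)
    return [network, application]


# Constructed sample connections.
WEB_CONN = {"src": "Internal_Net", "dst": "Internet", "service": "https", "app": "Web_Browsing"}
STREAM_CONN = {"src": "Internal_Net", "dst": "Internet", "service": "https", "app": "Streaming_Media"}


if __name__ == "__main__":
    variants = [("no cleanup", None), ("accept+log", CLEANUP_ACCEPT_LOG),
                ("accept, no log", CLEANUP_ACCEPT_NOLOG), ("any/any drop", CLEANUP_DROP)]
    for label, cleanup in variants:
        for conn in (WEB_CONN, STREAM_CONN):
            result = evaluate_policy(build_policy(cleanup), conn)
            print(f"[{label:14}] {conn['app']:16} -> {result['action']}")
            for layer, rule, action, logged in result["trail"]:
                print(f"    {layer:12} {rule:36} {action:6} logged={logged}")
```

Running it shows the three outcomes the replies describe: with no cleanup rule the web-browsing connection passes the Application layer on the implicit rule with `logged=False`; with an explicit Accept cleanup rule it passes with whatever logging the admin chose; with an Any/Any drop cleanup it is dropped even though the Network layer accepted it, which is why that variant would require re-allowing the Network layer's permitted traffic in the Application layer as well.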