This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
lluner
Advisor
‎2024-12-29 06:23 AM

Checkpoint inspection https and http

hi 

 

How do I do this in Checkpoint? Is it possible to associate port 443 only with the HTTPS protocol or not allow the SSH protocol on port 443?

0 Kudos
7 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-12-29 07:38 AM

Please review Protocol signatures option & HTTPS inspection for this requirement.

iirc there was also an IPS protection for SSH over non-standard ports as an alternative but please double-check the performance implications of this approach.

CCSM R77/R80/ELITE
0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2024-12-29 09:31 AM

Hi,

Create a custom service object, and set it as @Chris_Atkinson  said.

You can choose the protocol (1st screenshot)

2024-12-29 18_28_48-Cloud Demo Server [ID_784674684]-R81.20-SmartConsole.png

2024-12-29 18_29_05-Cloud Demo Server [ID_784674684]-R81.20-SmartConsole.png

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-12-29 04:23 PM

I cant recall what default settings are now, but what guys said makes total sense, just create new one and enable those options.

Andy

Best,
Andy
0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2024-12-30 02:24 AM
In response to the_rock

By the "offical' https service object, those settings are grayed out. Thats why I created a screenshot of a total new object.

And don't forget, if you make a change on a service object, it will affecten on every rule, where the object in in use. So be careful 🙂

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-12-30 05:39 AM
In response to AkosBakos

Very true mate! Btw, it is possible to do on default service, just override the settings and option is there, but I agree, always better to create custom one in case like this.

Andy

Best,
Andy
0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2024-12-30 05:57 AM
In response to the_rock

Exactly. A long long ago, I changed one default service object parameters... It wasn't the best deceison. 🙂

...live and learn...

Akos

----------------
\m/_(>_<)_\m/
(1)
the_rock
MVP Platinum
MVP Platinum
‎2024-12-30 06:07 AM
In response to AkosBakos

I think I know the reason mate...back then, you forgot to eat enough cabbage 😉

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events