spottex
Contributor

Enabling Protocol Signatures on a service: Does it affect Network Policies

Reading other community articles, we got the impression that enabling Protocol Signatures on a service will affect traffic going through Network Policy rules as well as App Control rules.

We started to see strange things so I thought I would test in a lab.

I created a test using:
1. The standard HTTPS service
2. A new HTTPS service: TCP port 443, HTTPS protocol, and enabled Protocol Signatures
3. An HTTP (not HTTPS) website listening on port 443

Added 2 Network rules:
1. Accept rule using the custom HTTPS service with enabled Protocol Signatures.
2. Drop using the standard HTTPS service.

Test: HTTP traffic on port 443 is allowed on rule 1, i.e. using the custom HTTPS service with enabled Protocol Signatures.

Adding Application Control rules:
1. Accept rule using the custom HTTPS service with enabled Protocol Signatures.
2. Drop using the standard HTTPS service.

The traffic is dropped on rule 2, bypassing rule 1 with the custom service.

Conclusions
The network rules only checked the port number and ignored Protocol Signatures.
In App Control the HTTP Traffic on 443 did not match the custom HTTPs service with enabled Protocol Signatures because it was not real HTTPS traffic. It was then dropped in rule 2 because of the port number.

So to me this shows that enabling Protocol Signatures only works in the App Control rules and not Network rules. Would everyone concur?
Am I missing something in my tests?

The reason behind this is we want to enable Protocol Signatures on a few standard services but do not want the matching of network rules to change.


Accepted Solutions
PhoneBoy
Admin

You are correct, and this is documented in the R80.10 Release SK (where this was first added).

  • Application Control enhancements:
    • Added Recommended Services to Applications for easier configuration of the unified policy.
    • Applications matched on Recommended Services, customized set of services, or Any service.
    • New Protocol Signature added to Service object, to enhance policy matching security and granularity.
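
The lab result confirmed in this thread, as an added example that is not part of the original posts and is not Check Point code: a first-match rule evaluation in which one layer compares the port only and the other also honours the service's protocol signature. The service name `https_sig`, the host `lab.example`, the payload bytes and the two-signature detector are constructed assumptions.

```python
from dataclasses import dataclass

def detect_protocol(payload: bytes) -> str:
    """Tiny stand-in for a protocol signature: classify the first client bytes."""
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "https"
    if payload.split(b" ", 1)[0] in {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}:
        return "http"
    return "unknown"

@dataclass(frozen=True)
class Service:
    name: str
    port: int
    protocol: str                      # protocol type set on the service object
    protocol_signature: bool = False   # the checkbox discussed in the thread

@dataclass(frozen=True)
class Rule:
    number: int
    service: Service
    action: str

def first_match(rules, port, payload, layer_honors_signature):
    """Return the first rule whose service matches the connection, or None."""
    for rule in rules:
        svc = rule.service
        if svc.port != port:
            continue
        if (layer_honors_signature and svc.protocol_signature
                and detect_protocol(payload) != svc.protocol):
            continue                   # right port, wrong protocol: keep looking
        return rule
    return None

# Constructed objects mirroring the lab described in the question
STANDARD_HTTPS = Service("https", 443, "https")
CUSTOM_HTTPS = Service("https_sig", 443, "https", protocol_signature=True)
RULES = [Rule(1, CUSTOM_HTTPS, "accept"), Rule(2, STANDARD_HTTPS, "drop")]
PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: lab.example\r\n\r\n"   # constructed payload
TLS_HELLO = bytes.fromhex("160301002a")                        # constructed record header

def lab_results():
    """Rule number hit per (layer, traffic) pair; False = port-only layer."""
    return {
        "network/http": first_match(RULES, 443, PLAIN_HTTP, False).number,
        "appctl/http": first_match(RULES, 443, PLAIN_HTTP, True).number,
        "appctl/tls": first_match(RULES, 443, TLS_HELLO, True).number,
    }
```

In this model the plain-HTTP connection on 443 is accepted by rule 1 in the port-only layer and falls through to the drop in rule 2 once the signature is honoured, which is the pair of outcomes the poster observed.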
