Reading other community articles, we got the impression that enabling Protocol Signatures on a service affects traffic going through Network Policy rules as well as App Control rules.
We started to see strange things, so I thought I would test it in a lab.
I created a test using:
1. The standard HTTPS service.
2. A new HTTPS service: TCP port 443, HTTPS protocol, with Protocol Signatures enabled.
3. An HTTP (not HTTPS) website listening on port 443.
Added 2 Network rules:
1. Accept rule using the custom HTTPS service with Protocol Signatures enabled.
2. Drop rule using the standard HTTPS service.
Test HTTP traffic on port 443 is allowed by rule 1, i.e. using the custom HTTPS service with Protocol Signatures enabled.
Added Application Control rules:
1. Accept rule using the custom HTTPS service with Protocol Signatures enabled.
2. Drop rule using the standard HTTPS service.
The traffic is dropped by rule 2, bypassing rule 1 with the custom service.
Conclusions
The network rules only checked the port number and ignored Protocol Signatures.
In App Control, the HTTP traffic on 443 did not match the custom HTTPS service with Protocol Signatures enabled because it was not real HTTPS traffic. It was then dropped by rule 2 because of the port number.
So to me this shows that enabling Protocol Signatures only works in App Control rules and not in Network rules. Would everyone concur?
Am I missing something in my tests?
The reason behind this is that we want to enable Protocol Signatures on a few standard services but do not want the matching of Network rules to change.
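As an added illustration (not part of the original post, and not Check Point's own implementation), the Python below models the two matching behaviours the lab tests observed: a rule base evaluated on destination port alone, and the same rule base evaluated with a protocol signature check on the first payload bytes. The service and rule names, the classifier, and the sample payloads are all constructed for this example.

```python
"""Constructed model of port-only vs protocol-signature service matching.

This is an educational approximation, not the vendor's matching engine.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Minimal protocol signature: look only at the first bytes of the TCP payload.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")


def classify_first_payload(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the first client payload."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # then a 2-byte length, then handshake type 0x01 (ClientHello).
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01):
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


@dataclass(frozen=True)
class Service:
    name: str
    port: int
    protocol: Optional[str]      # protocol the signature expects, or None
    signature_enabled: bool


@dataclass(frozen=True)
class Rule:
    name: str
    service: Service
    action: str                  # "accept" or "drop"


# Constructed services mirroring the post: standard HTTPS (port only) and a
# custom HTTPS service on 443 with Protocol Signatures enabled.
STANDARD_HTTPS = Service("https", 443, "tls", signature_enabled=False)
CUSTOM_HTTPS_SIG = Service("https_sig", 443, "tls", signature_enabled=True)

# Same two rules used for both layers in the post.
RULES: List[Rule] = [
    Rule("1", CUSTOM_HTTPS_SIG, "accept"),
    Rule("2", STANDARD_HTTPS, "drop"),
]


def service_matches(service: Service, dst_port: int, payload: bytes,
                    use_signatures: bool) -> bool:
    """Port must match; the signature is consulted only when the layer uses it."""
    if dst_port != service.port:
        return False
    if use_signatures and service.signature_enabled:
        return classify_first_payload(payload) == service.protocol
    return True


def first_match(rules: List[Rule], dst_port: int, payload: bytes,
                use_signatures: bool) -> Tuple[Optional[str], str]:
    """First-match evaluation; no rule matched means implicit cleanup drop."""
    for rule in rules:
        if service_matches(rule.service, dst_port, payload, use_signatures):
            return rule.name, rule.action
    return None, "drop"


def network_layer_decision(payload: bytes) -> Tuple[Optional[str], str]:
    """Models the Network rules as observed: port number only."""
    return first_match(RULES, 443, payload, use_signatures=False)


def app_control_decision(payload: bytes) -> Tuple[Optional[str], str]:
    """Models the App Control rules as observed: port plus protocol signature."""
    return first_match(RULES, 443, payload, use_signatures=True)


# Constructed sample payloads: a plaintext HTTP request sent to port 443 and
# the first bytes of a TLS 1.2 ClientHello record.
PLAIN_HTTP_ON_443 = b"GET / HTTP/1.1\r\nHost: lab.example\r\n\r\n"
TLS_CLIENT_HELLO = bytes.fromhex("160301002a010000260303") + bytes(32)

if __name__ == "__main__":
    print("network layer, HTTP on 443:", network_layer_decision(PLAIN_HTTP_ON_443))
    print("app control,   HTTP on 443:", app_control_decision(PLAIN_HTTP_ON_443))
    print("app control,   TLS on 443: ", app_control_decision(TLS_CLIENT_HELLO))
```

Run stand-alone, the model reproduces the post's two results: the port-only evaluation accepts the plaintext request on rule 1, while the signature-aware evaluation skips rule 1 (the payload is not TLS) and drops it on rule 2. The same function accepts a real ClientHello on rule 1, which is the check a practitioner would use to confirm that a signature-enabled service is really matching on protocol rather than port.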