KostasGR
Contributor

Enforce RFC compliance for the services protocol

Hello 

In order to enforce RFC compliance for the service protocols (for example FTP, HTTP, allow SSH v2 only and block SSH v1), do I need Application Control enabled or not?

BR
Kostas

0 Kudos
5 Replies
G_W_Albrecht
Legend

I would say no - protocols are mostly analyzed by IPS Core protections. APCL enables you to differentiate between Apps, also ones that use the same protocols.

Bob_Zimmerman
Advisor

Application Control is about letting you use "Facebook Games" and such in a rule. It's like URL Filtering.

Basic RFC compliance (like FTP verbs and HTTP verbs) is enforced by a feature called protocol inspection. That does not involve Application Control or any subscription, it's just built right into the firewall.

Deeper RFC compliance is more the domain of IPS. Still not Application Control, but a subscription feature commonly covered together.

Timothy_Hall
Champion

As Gunther said, the IPS Core Protections enforce this, along with "Inspection Settings" located under Shared Policies. The IPS blade is not necessary unless you are using an R77.30 or older gateway, where Core Protections and Inspection Settings were originally part of the IPS Blade. In R80.10 and later they are part of the standard Access Policy (Firewall blade), as mentioned in my IPS Immersion video class.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
KostasGR
Contributor

Hello again

The below is from the admin guide for Security Management R80.40.

 

Service Matching
The Security Gateway identifies (matches) a service according to IP protocol, TCP and UDP port number, and protocol signature.
To make it possible for the Security Gateway to match services by protocol signature, you must enable Application & URL Filtering on the Security Gateway and on the Ordered Layer.
You can configure TCP and UDP services to be matched by source port.

BR,
Kostas

0 Kudos
Bob_Zimmerman
Advisor

Protocol inspection is about enforcing some protocol compliance.

Protocol signatures are more about differentiating between multiple application-level protocols used over the same port.
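
The distinction drawn in this thread between protocol signatures (working out which protocol is on the wire) and protocol inspection (checking that it is compliant and permitted), as an added Python sketch; it is not Check Point code and was not posted by any participant. The regexes, verb lists and the `inspect` function are illustrative assumptions, and the sample payloads are constructed.

```python
import re

# Signature step: recognise the protocol from the first payload bytes,
# independent of the TCP port that carried them.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-(\d+\.\d+)-[\x21-\x7e]+(?: [^\r\n]*)?\r?\n")),
    ("http", re.compile(rb"^([A-Za-z]+) \S+ HTTP/\d\.\d\r\n")),
    ("ftp", re.compile(rb"^([A-Za-z]{3,4})(?: [^\r\n]*)?\r\n")),
]

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"CONNECT", b"OPTIONS", b"TRACE"}          # RFC 9110
FTP_VERBS = set(b"USER PASS ACCT CWD CDUP SMNT QUIT REIN PORT PASV TYPE STRU "
                b"MODE RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD "
                b"MKD PWD LIST NLST SITE SYST STAT HELP NOOP".split())  # RFC 959


def inspect(payload: bytes):
    """Return (protocol, allowed, reason) for the first bytes of a connection."""
    for proto, pattern in SIGNATURES:
        m = pattern.match(payload)
        if m:
            break
    else:
        return ("unknown", False, "no signature matched")

    token = m.group(1)
    # Compliance step: is this recognised traffic something policy accepts?
    if proto == "ssh":
        # Policy from the question: SSH v2 only. "1.99" means the server also
        # speaks v1, so this sketch rejects it too (assumption).
        return (proto, token == b"2.0", "protoversion " + token.decode())
    if proto == "http":
        # HTTP methods are case-sensitive, so "get" is not "GET".
        return (proto, token in HTTP_METHODS, "method " + token.decode())
    # FTP verbs are case-insensitive.
    return (proto, token.upper() in FTP_VERBS, "verb " + token.decode())


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"SSH-2.0-OpenSSH_9.6\r\n",
    b"SSH-1.5-legacy_daemon\n",
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"get /index.html HTTP/1.1\r\n",
    b"retr report.txt\r\n",
    b"XYZZ 1\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[:30], inspect(s))
```

The first loop plays the role of signature matching and the second half plays the role of compliance enforcement; the SSH v1 banner is identified as SSH by the former and rejected by the latter.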