This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KostasGR
Advisor
‎2021-04-21 07:34 AM

Enforce RFC compliance for the services protocol

Hello 

In order to Enforce RFC compliance for the services protocols (for example ftp,http,allow ssh v2 only and block ssh v1 ) do i need application control enabled or not?

BR
Kostas

0 Kudos
5 Replies
G_W_Albrecht
Legend
Legend
‎2021-04-21 07:47 AM

I would say no - protocols are mostly analyzed by IPS Core protections. APCL enables you to differentiate between Apps, also ones that use the same protocols.

CCSE CCTE CCSM SMB Specialist
Bob_Zimmerman
Authority
Authority
‎2021-04-21 08:13 AM

Application Control is about letting you use "Facebook Games" and such in a rule. It's like URL Filtering.

Basic RFC compliance (like FTP verbs and HTTP verbs) is enforced by a feature called protocol inspection. That does not involve Application Control or any subscription, it's just built right into the firewall.

Deeper RFC compliance is more the domain of IPS. Still not Application Control, but a subscription feature commonly covered together.

Timothy_Hall
Champion Champion
Champion
‎2021-04-21 08:17 AM

As Gunther said the IPS Core Protections enforce this, along with "Inspection Settings" located under Shared Policies.  The IPS blade is not necessary unless you are using an R77.30 or older gateway, where Core Protections and Inspection Settings were originally part of the IPS Blade.  In R80.10 and later they are part of the standard Access Policy (Firewall blade) as mentioned in my IPS Immersion video class.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
KostasGR
Advisor
‎2021-04-22 08:30 AM
In response to Timothy_Hall

Hello again

The below is from admin guide for security management r80.40.

 

Service Matching
The Security Gateway identifies (matches) a service according to IP protocol, TCP and UDP port number,
and protocol signature.
To make it possible for the Security Gateway to match services by protocol signature, you must enable
Application & URL Filtering on the Security Gateway and on the Ordered Layer.
You can configure TCP and UDP services to be matched by source port.

BR,
Kostas

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2021-04-22 08:35 AM
In response to KostasGR

Protocol inspection is about enforcing some protocol compliance.

Protocol signatures are more about differentiating between multiple application-level protocols used over the same port.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events