KostasGR
Advisor

Enforce RFC compliance for the services protocol

Hello 

In order to enforce RFC compliance for the service protocols (for example FTP, HTTP, allow SSH v2 only and block SSH v1), do I need Application Control enabled or not?

BR
Kostas

5 Replies
G_W_Albrecht
Legend

I would say no - protocols are mostly analyzed by IPS Core protections. APCL enables you to differentiate between Apps, also ones that use the same protocols.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Bob_Zimmerman
Authority

Application Control is about letting you use "Facebook Games" and such in a rule. It's like URL Filtering.

Basic RFC compliance (like FTP verbs and HTTP verbs) is enforced by a feature called protocol inspection. That does not involve Application Control or any subscription, it's just built right into the firewall.

Deeper RFC compliance is more the domain of IPS. Still not Application Control, but a subscription feature commonly covered together.

Timothy_Hall
Legend

As Gunther said, the IPS Core Protections enforce this, along with "Inspection Settings" located under Shared Policies. The IPS blade is not necessary unless you are using an R77.30 or older gateway, where Core Protections and Inspection Settings were originally part of the IPS Blade. In R80.10 and later they are part of the standard Access Policy (Firewall blade), as mentioned in my IPS Immersion video class.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
KostasGR
Advisor

Hello again

The below is from the admin guide for Security Management R80.40.

 

Service Matching

The Security Gateway identifies (matches) a service according to IP protocol, TCP and UDP port number, and protocol signature.

To make it possible for the Security Gateway to match services by protocol signature, you must enable Application & URL Filtering on the Security Gateway and on the Ordered Layer.

You can configure TCP and UDP services to be matched by source port.

BR,
Kostas

Bob_Zimmerman
Authority

Protocol inspection is about enforcing some protocol compliance.

Protocol signatures are more about differentiating between multiple application-level protocols used over the same port.
