This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Parabol
Contributor
‎2023-11-09 03:33 AM

Implementing a rule for access to ever changing Mirror/Repository FQDNs, is it possible?

Hi all,

We had a request to permit a system access to centos and dell mirror/repositories. The FQDN objects .centos.org and .dell.com were added to the destination of the rule.

The rule matched a lot of traffic, but it was evident that when the system pulled its updates, it was contacting a whole bunch of different mirror FQDN's that do not even contain relevant words.

And so this made me think an FQDN-object based rule is not possible for this scenario. And likely the IP's and FQDNs will continually change for such mirrors over time.

And so, other than changing the destination to permit all internet access, I cannot think of a more restrictive way to manage this access. Does such a way exist?

Thanks!

0 Kudos
2 Replies
Erling_Strand
Employee
Employee
‎2023-11-09 04:01 AM

Hi,

CentOS uses YUM, there is an object for that. Have you tried allowing based on application object in AppCtrl instead?

Erling

Parabol
Contributor
‎2023-11-09 04:50 AM
In response to Erling_Strand

Hi Erling! Would the Yum AppCtrl object essentially permit any repository/mirror downloads, regardless of FQDN/IP, as long as it's initiated in the Yum utility? This could be viable if so..

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top