This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
4 hours ago
Jump to solution

Limiting number of connections per user/IP address during specific timeframe

Hey guys,

I really hope someone can confirm for me if something like this is even possible with Check Point firewall, because so far, what I had tested in the lab and found in guides/support sitee, does not sadly suffice.

Customer would want to do something like this -> say they wish to ONLY allow 100 connections per hour to speficic user / IP address to connect to whatever internally.

Something like below with Fortinet:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Limit-connections-to-a-specific-destinatio...

 

They did open TAC case for this and engineer responded and gave all of below, but none of these options would actually let them configure it in a way they want.

Thoughts?

Tx as always.

TAC response:

 

Rate Limiting Rules


Network Quota


Penalty Box


DoS-All Signature Profile


Connection Limits on HTTP/S


Here is an example of how to configure Network Quota in SmartConsole:

Go to Manage & Settings.
Click on Blades.
In the General section, click on Inspection Settings.
In the left tree, click on General.
Search for Network Quota.
Right-click on Network Quota and click on Edit.
Select the relevant IPS profile and click on the Edit (pencil) button.
In the left tree, click on General Properties and select Override with Action - select Drop.
In the left tree, click on Advanced - set the desired timeout and add the specific host/application object.
Click OK to close the "Network Quota" properties window.
Click on the Close button to close the "Network Quota" properties window with IPS profiles.
Close the "Inspection Settings" window.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
3 hours ago
In response to the_rock
Jump to solution

That would make the request an RFE. 🙂

View solution in original post

9 Replies
PhoneBoy
Admin
Admin
4 hours ago
Jump to solution

I don't see where the Fortinet does the "per hour" bit based on the screenshots in that community post.
Rate limiting rules (using quota) is probably the way to go here, depending on their exact requirements: https://support.checkpoint.com/results/sk/sk112454 

0 Kudos
the_rock
Legend
Legend
3 hours ago
In response to PhoneBoy
Jump to solution

Thanks as always @PhoneBoy . I included a video of it, its not in the post, you are correct, but, below is how you would do it. Yes, that link was also sent by TAC, but thats not sadly what customer wants to do, they would ONLY want to do this via the rule, thats it.

Andy

 

(view in My Videos)

0 Kudos
PhoneBoy
Admin
Admin
3 hours ago
In response to the_rock
Jump to solution

So they want to create a connection limit that applies only to a specific Access Policy rule?
We do have "limit" objects, but they only restrict bandwidth usage, not number of concurrent connections.

0 Kudos
the_rock
Legend
Legend
3 hours ago
In response to PhoneBoy
Jump to solution

Thats right. We did see that option last week, but as you said, its only bandwidth, not number of connections.

0 Kudos
PhoneBoy
Admin
Admin
3 hours ago
In response to the_rock
Jump to solution

That would make the request an RFE. 🙂

the_rock
Legend
Legend
3 hours ago
In response to PhoneBoy
Jump to solution

K, fair enough. Thats all I wanted to confirm...THANK YOU! 🙂

Andy

0 Kudos
PhoneBoy
Admin
Admin
2 hours ago
In response to the_rock
Jump to solution

For fun, I asked @CheckMatesAI the question.
Except I fed it the wrong message ID and got:

You're welcome, Andy! If you have any more questions or need further assistance regarding limiting connections per user/IP address or any other Check Point features, feel free to ask. Have a great day! 😊

When I fed it the correct message ID, I got a recommendation to use Network Quota, similar to what TAC told you.

0 Kudos
the_rock
Legend
Legend
2 hours ago
In response to PhoneBoy
Jump to solution

I know haha, I asked same question to copilot AI last week and its exactly the answer I got 🙂

Andy

0 Kudos
the_rock
Legend
Legend
an hour ago
In response to PhoneBoy
Jump to solution

Just asked again and its more less the same 🙂

Andy

Answer:

Yes, you can limit the number of connections per user or IP address in Check Point Quantum Management. This can be achieved using the IPS 'Network Quota' protection feature, which allows you to set a limit on the number of connections from a specific IP address. Here's how you can configure it:

  1. Access SmartConsole:

    • Navigate to the "MANAGE & SETTINGS" app.
    • Click on "Blades" and then "Inspection Settings".

  2. Configure Network Quota:

    • In the left tree, click on "General".
    • Search for "Network Quota" and right-click to edit.
    • Select the relevant IPS profile and click on the Edit (pencil) button.
    • In "General Properties", select "Override with Action" and choose "Drop".
    • In "Advanced", set the desired timeout and add specific host/application objects as exceptions if needed.

  3. Install Policy:

    • After configuring, install the Network Security policy on the Security Gateway.

This setup will block new connections from a source IP address once the configured limit is exceeded. Be cautious to avoid blocking legitimate IP addresses. For more detailed instructions, you can refer to the Check Point documentation.

If you need further assistance or have specific requirements, feel free to ask!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events