This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
andy_currigan
Contributor
‎2019-08-06 08:15 AM

SSL protocol in application control rules

we have a strange behaviour with ssl protocol and application control.

customer notify us that some sites that should be blocked by the application control were accessible (like facebook)

rules are configured in whitelist mode (allowing specific categories and applications and a block all rule a the bottom)

after investigating we notice that there was an application control rule that enabled https to internet that allow facebook and many other sites, once disabled that rule all these sites were correctly blocked by the application control rules but we got also lot's of traffic blocked as "SSL protocol" and we needed to recover the rule.

how can we enable ssl protocol and block these sites at the same time?

one solution would be to change the policies to a blacklist mode but the customer want to keep the rules in whitelist mode.

thanks

 

 

2 Replies
PhoneBoy
Admin
Admin
‎2019-08-06 07:30 PM

SSL protocol is a fairly generic application signature, matching all HTTPS traffic.
This could include uncategorized websites, which may not be what you want to allow.
Your best bet is to whitelist the specific SSL traffic you wish to allow by source/destination or create some sort of signature for the traffic you wish to allow.
rloureiro
Explorer
‎2020-08-11 05:37 AM
In response to PhoneBoy

Hi all,

When access to a permitted website is blocked, if we open it with Internet Explorer we can access it and once we have accessed it from Internet Explorer we can access it from the rest of the browsers.

This is a very strange behaviour. Maybe it is necessary to allow the ssl_v2 and v3 service?

Thank you.

Regards.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events