Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
abihsot__
Advisor

appl/urlf AWS S3 not recognized

Hi there,

R80.30 JHF111 with inspection enabled. I build the policy with only AWS S3 application allowed. Everything else is dropped.

In the logs I see that when connection goes to s3.amazonaws.com, it is recognized correctly, but when connection goes to s3.eu-central-1.amazonaws.com for example, it is now no longer S3 app, but generic computers/internet category.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

What is your precise rule for allowing this?
Screenshot?
0 Kudos
abihsot__
Advisor

Hi,

the rule is very simple:

source: server, destination:internet, services&app - amazon S3. Next rule - drop any. 

As a workaround I added custom app with urls I mentioned in previous post which are not automatically recognized as Amazon S3, however I am interested what attributes second link is missing that prevents tagging it as AWS S3 app. I would guess that checkpoint is not making decision about app only by url.

 

s3.amazonaws.com

s3.eu-central-1.amazonaws.com

0 Kudos
PhoneBoy
Admin
Admin

I suspect some of the AWS regions might not be recognized properly by the App Control signature.
Might be worth a TAC case.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events