This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
abihsot__
Advisor
‎2020-02-17 08:25 AM

appl/urlf AWS S3 not recognized

Hi there,

R80.30 JHF111 with inspection enabled. I build the policy with only AWS S3 application allowed. Everything else is dropped.

In the logs I see that when connection goes to s3.amazonaws.com, it is recognized correctly, but when connection goes to s3.eu-central-1.amazonaws.com for example, it is now no longer S3 app, but generic computers/internet category.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-02-20 01:48 PM

What is your precise rule for allowing this?
Screenshot?
0 Kudos
abihsot__
Advisor
‎2020-02-24 01:26 AM
In response to PhoneBoy

Hi,

the rule is very simple:

source: server, destination:internet, services&app - amazon S3. Next rule - drop any. 

As a workaround I added custom app with urls I mentioned in previous post which are not automatically recognized as Amazon S3, however I am interested what attributes second link is missing that prevents tagging it as AWS S3 app. I would guess that checkpoint is not making decision about app only by url.

 

s3.amazonaws.com

s3.eu-central-1.amazonaws.com

0 Kudos
PhoneBoy
Admin
Admin
‎2020-02-24 04:34 PM
In response to abihsot__

I suspect some of the AWS regions might not be recognized properly by the App Control signature.
Might be worth a TAC case.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top