Mikel_Aanstoot
Contributor

Domain based IPS exception

Hello, I could not find a solution for this. Some users need SSH access with a random port range to a domain based object. The reason is that a domain can consist of 200+ IP addresses, so a domain object makes sense. From a firewall perspective this works fine. But the IPS "SSH over Non Standard Ports" protection is blocking the connection, as it should. However, when I want to make an exception, it does not allow the domain object as Destination. Is this indeed a limitation? That would not make me very happy. Or is there another solution where I don't have to make an exception for Internet or configure all 200 IP addresses (which can change on a regular basis)?

We are running R80.10 on gateways and R80.20 on Management server.

Kind regards,

Mikel

3 Replies
G_W_Albrecht
Legend

Why not make the exception with a source user group instead?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Mikel_Aanstoot
Contributor

That would still mean a total exception from this protection for this user group? I prefer to narrow it down so they can SSH to this specific domain on higher ports but not to other environments. So preferably user group as source, domain as destination.

Timothy_Hall
Legend

Domain objects can only be used in the Access Control policy layers. They cannot be used in Threat Prevention, which includes exceptions. It is possible to force a domain object into a TP policy via the SmartConsole by creating a brand new one right in the cell of a TP rule/exception, but then this happens: sk122295: Threat Prevention blades cause problems when the domain object is defined

Also:

sk124852: Can Domain Objects be used in Geo Protection exceptions?


Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com