Hi,
I am using R80.10 and I am a little confused about the protocol inspection feature and would like to get some information about it.
I am trying to figure out what the difference is and how it is related to the inspection feature.
When I create a new service, I can configure it with a protocol; for example, TCP_4430 will be a TCP port of 4430, but configured with the HTTP protocol. This is (as far as I understand) called the Protocol Inspection feature. Is that right? Is there a list of protocols that this feature supports? Is it only TCP & UDP? Can it be (for example) IGMP? Or VRRP?
The other feature is the Inspection settings, where you have 1 profile per gateway, and you can configure Allow or DROP for a list of protocol issues.
How are these two features related? For example, if I configure TCP port 4430, but I do not configure it as HTTP protocol, will it still be inspected as HTTP under the second inspection settings? The question is, are these two features related?
Also, is there a "good" filter for searching and finding logs related to inspection settings? And to protocol settings? As far as I could see, it is not under any Blade and it is not part of IPS, and there is no way to filter/search for these logs.
Any help will be much appreciated.