This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
emmap
Employee
Employee
‎2024-05-07 11:44 PM
In response to S_E_

OK, let's say your rule is: Source: 10.1.1.0/24 ; Dest: apple.com ; Service: https

If the gateway sees HTTPS traffic from a source 172.16.1.1 to any IP, the gateway does not do a lookup on the FQDN because the source cannot match the rule.

If the gateway sees SSH traffic from 10.1.1.1 to any IP, the gateway does not do a lookup on the FQDN because the service cannot match the rule.

If the gateway sees HTTPS traffic from 10.1.1.1 to any IP, the gateway DOES do a lookup for apple.com, because the connection could match the rule. If the destination IP matches the returned IP address from the lookup, the rule is matched. If it does not match, the rule matching continues down the policy.

View solution in original post

(1)
Who rated this post