i want to learn about protocol detection?whats the difference?
I am not sure what you are referring to in the question "What's the difference"?
Each protocol is unique and CP has a signatures defined to identify those, presumably tracking the RFC compliance:
CP, UDP, and SCTP General OptionsProtocol. Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).Protocol Signature. Check Point has created a unique signature for each protocol and stored it on the gateway. The signature identifies the protocol as genuine. Select this option to limit the port to the specified protocol.Port is the number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for example 44-55.
If you would like to define custom application signatures, this may be useful:
Signature Tool for custom Application Control and URL Filtering applications
I discuss this topic in the Application Control sense here: http://phoneboy.org/2016/12/14/which-comes-first-the-ports-or-the-application-id/
thanks very much.
Retrieving data ...