This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex_Weldon
Contributor
‎2018-04-11 06:37 AM

Custom Application by destination address / port combination?

Hi - R77.30

Using custom applications, I don't see a way to identify an application by destination address and port combination. Is this not currently supported in R77.30 / App control signature tool? I see there are various other ways to define but none that fit this particular case.

0 Kudos
8 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-04-12 05:20 AM

In R77.30 App Control this can be defined very easily:

- Application & URL Filtering > Applications/Sites > New

- type name for App (mySpecialSite) and click Next

- type IP (172.27.39.198:8080), click Add and click Next

- select Additional Categories and click Next

- click Finish

- use App in policy

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Alex_Weldon
Contributor
‎2018-04-12 05:23 AM
In response to G_W_Albrecht

Thanks for that, what about an address range? 172.27.39.0/24 lets say.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-04-12 06:43 AM
In response to Alex_Weldon

An address range is no site.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-04-12 06:49 AM
In response to G_W_Albrecht

...but you could try a regular expression instead !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Alex_Weldon
Contributor
‎2018-04-12 07:27 AM
In response to G_W_Albrecht

Thanks, yeah I wasn't quite sure how to best address it. We have a few applications that reach out to a variety of address ranges with a defined port. But, they always show as unknown traffic wasn't sure if there was a solution for it in 77.30. Thank you for the suggestions though.

0 Kudos
Victor_MR
Employee Alumnus
Employee Alumnus
‎2018-04-21 09:17 AM

However, I'm wondering if you would not prefer to just use a regular firewall rule for this (also full accelerated traffic) instead of an Application Control rule with just layer 4 information.

🙂

0 Kudos
PhoneBoy
Admin
Admin
‎2018-04-21 09:55 PM

The "Services" column is hidden in the R77.30 App Control rulebase but can be shown by right-clicking on the section headings in the rule and selecting Service.

Now you can restrict the ports for any App Control rule, if you desire.

0 Kudos
Alex_Weldon
Contributor
‎2018-04-23 05:13 AM

Thanks everyone for the suggestions. The rule is defined on the firewall side already with defined source, destination, and services. The issue I am trying to resolve is on the app control/url filtering side of things, all of the allowed known traffic is categorized as "Unknown Traffic" So we can sometimes have 1-2 gigs of "Unknown Traffic" even though it is a known and defined application which is what we were hoping we could define. I reached out to TAC who said they could create a custom application based on packet captures so I will provide them and see how it goes.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top