
User category with specific services in Application Rules

Hello, I have a Checkpoint 80.40, and I need to create a rule with specific source IPs, but the destination must be URLs (not IPs), with specific services (9091 and 9092).

My idea was to create a security policy with specific source IPs, destination ANY, services 9091 and 9092. And, in application, I created two rules:

Rule1 - source: IPs mentioned, destination: Internet object and, in Service Application Sites, I created a Custom Application Sites, with my URLs, action: ACCEPT.

Rule2 - source: IPs mentioned, destination: Internet object, services: 9091 and 9092 and action: DROP.


But I found out that my Application Sites uses the Custom_Application_Site category, which works only with the services HTTP, HTTPS, HTTP_proxy and HTTPS_proxy. That's why it doesn't match on services 9091 and 9092.


What can I do in this case?


I tried to create a User Category, but I can't associate the services 9091 and 9092 with it.





2 Replies

That's a tricky one; what happens is this. If you wish to, say, create custom apps in services, you can do that, but you need URL filtering enabled. The rules you created make sense to me. By the way, you can add domain objects in destination.




As far as I know, these are your options:

  1. Edit the list of services (TCP ports) the URL filtering blade is using for the Custom Application/Site objects: SmartConsole: Manage & Settings -> Blades -> Application Control & URL Filtering -> Advanced Settings -> Application Control Web Browsing Services: Add your service objects for ports 9091 and 9092 there. But beware, this is a global setting, not only for a specific gateway or policy.
  2. Create a full-featured custom application object using the Signature Tool from sk103051 instead of a simple "Custom Application/Site object" in SmartConsole.


