madne_55
Participant

Native application - iOS application that should talk to server

Here comes the long shot!

FW info:

HA Cluster:

2x1590 appliances

Version: R81.10.10 (2993)

I'm trying to make an object, I GUESS a native application, that should enable an iOS application on iPad/iPhone to talk to one of the client's servers.

The developer of the CROSSPAD application provided me with information in the form of:

- application name

- IFS STI path

- URL:

*query manager information

*webservice information

*RPA service information

and

*Service Monitor Console

all URLs are HTTP URLs

 

I'm still not sure what to go for here. Does anyone have a valid solution to present me with?

I appreciate all the help I can get.

0 Kudos
4 Replies
PhoneBoy
Admin

Are these SMB gateways locally managed or centrally managed through Smart-1 (Cloud)?
What's the topology here?
Specifically, where is the iOS device, the server, and the SMB gateways relative to each other?
Is this over a VPN or just out to the Internet?

If these URLs are HTTPS URLs, if you need to be more granular than the host portion of the URL, you will need HTTPS Inspection.

The more information you can give us, the more likely we will be able to assist you.

0 Kudos
madne_55
Participant

SMB Gateways are centrally managed.

The iOS device is in the production network and should talk to a server on the server network, all managed by the cluster (LAN1.A network and LAN2.B network, we can call it that).

There is no need for VPN.

The question still stands: what type of application or form of communication/rule should I implement here?

No need for VPN.

0 Kudos
PhoneBoy
Admin

Both the client and server are on protected segments of the gateway, correct?
Without knowing the exact details provided and the specific security requirements, it's difficult to provide specific advice.
However, you have two basic options: by port or by URL.

To allow access to a "URL," in general, involves a Custom Application/Site object, which is inspected on the standard HTTP/HTTPS ports plus the proxy port (8080) by default (ports can be added to this).
If the URLs are not HTTP specifically (i.e. they are HTTPS), then for those URLs to be properly inspected, you also need to use HTTPS Inspection.
This requires deploying a trusted CA certificate on the relevant endpoints, which is a bit of a cumbersome process on iOS devices without some sort of Mobile Device Management solution.
If the application uses Certificate Pinning and/or requires mutual TLS authentication, HTTPS Inspection will not work.

If you cannot or don't wish to use HTTPS Inspection, then you open the relevant TCP/UDP ports for the application.

0 Kudos
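Added example, not part of the original thread: a small Python helper that turns a developer-supplied URL list into the inputs the two options above need (host and TCP port for a port-based rule, host and paths for a Custom Application/Site object), and flags where a port falls outside the default inspected set (80/443/8080) or where path-level matching on an HTTPS URL would need HTTPS Inspection. The host names, ports and paths are constructed placeholders, and the function and field names are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Per the reply above: Custom Application/Site objects are inspected on the
# standard HTTP/HTTPS ports plus the proxy port (8080) by default.
INSPECTED_BY_DEFAULT = {80, 443, 8080}

# Constructed sample input (placeholder hosts, ports and paths).
SAMPLE_URLS = [
    "http://ifs.example.internal:8090/query-manager",
    "http://ifs.example.internal:8090/webservice",
    "http://ifs.example.internal/rpa",
    "https://monitor.example.internal/console",
]

def plan_rules(urls):
    """Group URLs by (host, port, scheme) and note what each group needs."""
    groups = {}
    for url in urls:
        parts = urlsplit(url.strip())
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError(f"not an HTTP(S) URL: {url!r}")
        port = parts.port or DEFAULT_PORTS[scheme]
        key = (parts.hostname, port, scheme)
        groups.setdefault(key, set()).add(parts.path or "/")
    plan = []
    for (host, port, scheme), paths in sorted(groups.items()):
        plan.append({
            "host": host,
            "port": port,              # TCP port for a port-based rule
            "scheme": scheme,
            "paths": sorted(paths),    # for a Custom Application/Site object
            # Port must be added to the object before it is inspected there.
            "add_port_to_object": port not in INSPECTED_BY_DEFAULT,
            # Matching beyond the host part of an HTTPS URL needs HTTPS Inspection.
            "https_inspection_for_paths": scheme == "https" and paths != {"/"},
        })
    return plan

if __name__ == "__main__":
    for entry in plan_rules(SAMPLE_URLS):
        print(entry)
```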
G_W_Albrecht
Legend

I do not see much of a problem - you want to connect from one internal net to another, so it all depends on the inspection and routing settings. The first step is to try communication and note the log entries; you will see what has to be configured on the way!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
