This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Anthony_Kahwati
Collaborator
‎2022-02-04 07:49 AM

Service Objects

Hi 

Can someone clarify for me if the out of the box service objects are more than just a TCP port match?

For example, if I choose the SSH object as my service in a access policy rule does it behave differently to me creating a from-scratch service object called mySSH that also matches TCP/22? Is there any application awareness in it or is it just a TCP match with some specific timeouts?

Hope that makes sense... 

Thanks

 

Labels
0 Kudos
3 Replies
Chris_Atkinson
Employee
Employee
‎2022-02-04 08:04 AM

It depends on the specifics of the particular service object.

Then if you use objects found in the AppWiki or that otherwise have "protocol signature" enabled then more advanced recognition is performed rather than simple ports.

https://appwiki.checkpoint.com/appwikisdb/public.htm

 

0 Kudos
Timothy_Hall
Champion
Champion
‎2022-02-05 06:55 AM

Please see my post here which should fully answer your question:

https://community.checkpoint.com/t5/Management/Enable-Protocol-Signature-by-default/m-p/139285/highl...

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
the_rock
Champion
Champion
‎2022-02-05 08:27 AM

You definitely got correct answers from both @Timothy_Hall and @Chris_Atkinson , but I will tell you from my own personal experience, its hit and miss, depending on which service you use. Sometimes, it behaves the same, sometimes not...

0 Kudos