Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Anthony_Kahwati
Collaborator

Service Objects

Hi 

Can someone clarify for me if the out of the box service objects are more than just a TCP port match?

For example, if I choose the SSH object as my service in a access policy rule does it behave differently to me creating a from-scratch service object called mySSH that also matches TCP/22? Is there any application awareness in it or is it just a TCP match with some specific timeouts?

Hope that makes sense... 

Thanks

 

0 Kudos
3 Replies
Chris_Atkinson
Employee
Employee

It depends on the specifics of the particular service object.

Then if you use objects found in the AppWiki or that otherwise have "protocol signature" enabled then more advanced recognition is performed rather than simple ports.

https://appwiki.checkpoint.com/appwikisdb/public.htm

 

0 Kudos
Timothy_Hall
Champion
Champion

Please see my post here which should fully answer your question:

https://community.checkpoint.com/t5/Management/Enable-Protocol-Signature-by-default/m-p/139285/highl...

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
the_rock
Champion
Champion

You definitely got correct answers from both @Timothy_Hall and @Chris_Atkinson , but I will tell you from my own personal experience, its hit and miss, depending on which service you use. Sometimes, it behaves the same, sometimes not...

0 Kudos