Please share some additional information if you would like assistance, e.g.:
- Version & JHF?
- SSL / HTTPS inspection? Y/N
- Classification (hold) mode Y/N
- What alternate rule in the policy is matching the traffic?
Yes, both FW and Application Control rules.
I suspect you're allowing UDP high ports to random places on the Internet, which is generally not best practice. - How do I stop this?
Sorry, I do not have much knowledge of firewalls; I am just doing some R&D. Support is not available, so I am trying to do it myself.
We have some firewall rules which state from any to any. Please find the SS attached.
For an effective strategy you will need to limit (reduce) the number of such rules and get more detailed with the permitted services and destinations.
Hi,
I will make sure of that during the installation of the latest firewall. For the time being, I am looking for a solution to block torrent or limit the download speeds (only for torrent, not the whole interface).
Thanks,
Prashant.
Like I said, you need to limit either the destinations, the services, or both.
This advice applies to one or more of 8, 17, 20, 24.
Each one of these rules could easily be two rules.
One example:
Replace http/https with the precise services that are actually required for Internet access and nothing more.
This is by far the most performant approach.
Another option would be to put a rule near the bottom of your App Control rulebase like the following:
To get the Service column to show up in your App Control rulebase, right click on the title bar and check Service.
If you don't want to outright block the traffic, you can instead use the action "Limit" and specify whatever sort of limit you wish to place on this traffic.
Note the limit applies for anything matching this rule and should be below more specific rules.
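
Added example, not part of the thread and not Check Point tooling: a small Python model of top-down, first-match rule evaluation over a constructed rulebase, showing why the broad "Limit" rule belongs below more specific rules and how to flag accept rules that restrict neither destination nor service. Rule names, columns and values are hypothetical labels compared as plain strings, not a SmartConsole export format.

```python
ANY = "Any"  # wildcard column value (assumption: columns are ANY or a set of labels)
COLS = ("src", "dst", "svc")

def rule(name, src, dst, svc, action):
    return {"name": name, "src": src, "dst": dst, "svc": svc, "action": action}

def matches(r, flow):
    """True if every column is Any or contains the flow's value."""
    return all(r[c] == ANY or flow[c] in r[c] for c in COLS)

def first_match(rules, flow):
    """Top-down evaluation: the first matching rule decides the action."""
    return next((r for r in rules if matches(r, flow)), None)

def covers(broad, narrow):
    """True if the broad column matches everything the narrow column matches."""
    return broad == ANY or (narrow != ANY and narrow <= broad)

def shadowed(rules):
    """(upper, lower) pairs where the upper rule hides the lower one entirely."""
    return [(u["name"], l["name"])
            for i, u in enumerate(rules) for l in rules[i + 1:]
            if all(covers(u[c], l[c]) for c in COLS)]

def unrestricted_accepts(rules):
    """Accept rules that limit neither the destination nor the service."""
    return [r["name"] for r in rules
            if r["action"] == "Accept" and r["dst"] == ANY and r["svc"] == ANY]

# Constructed sample rules (hypothetical names and objects).
DNS = rule("dns", {"lan"}, {"dns-resolvers"}, {"udp/53"}, "Accept")
WEB = rule("web", {"lan"}, ANY, {"tcp/80", "tcp/443"}, "Accept")
CATCH_ALL = rule("limit-rest", {"lan"}, ANY, ANY, "Limit")
ANY_ANY = rule("legacy-any", ANY, ANY, ANY, "Accept")

GOOD = [DNS, WEB, CATCH_ALL]   # broad Limit rule at the bottom
BAD = [CATCH_ALL, DNS, WEB]    # broad Limit rule above the specific rules

# Constructed flows: a DNS lookup and a UDP high-port connection.
DNS_FLOW = {"src": "lan", "dst": "dns-resolvers", "svc": "udp/53"}
HIGH_PORT_FLOW = {"src": "lan", "dst": "203.0.113.7", "svc": "udp/51413"}

if __name__ == "__main__":
    for label, rb in (("good", GOOD), ("bad", BAD)):
        print(label, first_match(rb, DNS_FLOW)["action"], shadowed(rb))
    print("unrestricted:", unrestricted_accepts([ANY_ANY] + GOOD))
```
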