In this article we will introduce the Application Control, URL Filtering and Content Awareness features, as well as HTTPS Inspection on the Check Point firewall device.
– Application Control and URL Filtering allow identification and control of URLs and applications, including web and social networks.
– Open Object Explorer and select Application Categories to view categories and applications.
– You can look up categories and applications by.
– You can also look them up in the Check Point AppWiki.
– Content Awareness as part of Access Control allows content-based control of traffic by identifying files and their contents. Content Awareness limits the types of data users can upload or download and checks HTTP, HTTPS, FTP and SMTP protocols.
– You can view supported file types in Object Explorer.
– First we will enable the features on the Security Gateway. In SmartConsole, open the gateway and check the Application Control, URL Filtering, and Content Awareness Software Blades, then select OK to save.
– Now we will add a new Layer in Access Control. In Access Control > Policy, right-click and select Edit.
– Then add a new Layer.
– Name the Layer “Application” and enable Applications & URL Filtering and Content Awareness Blades in General.
– Go to the Advanced tab and choose the Accept option for Implicit Cleanup Action.
– Then select OK to finish.
– Now we can see the new Application Layer in the Access Control Policy with the default Cleanup Rule – Accept.
– This layer will be used to control access to web and applications.
– Our access policy is based on 2 Layers: Network layer and Application Layer. Traffic will be filtered through the Network layer before passing through the Application Layer.
– With R80.x, Access policy can be layered, or unified, where Network filtering, Application Control, URL Filtering and Content Awareness can be combined in a single layer.
+ HTTPS Inspection
– According to various sources, today, between 50% and 75% of Internet traffic is HTTPS. That means HTTPS Inspection is necessary to effectively control web traffic.
– In essence, HTTPS Inspection is a man-in-the-middle attack technique in which the Security Gateway decrypts and re-encrypts TLS traffic in both the client-to-server and server-to-client directions.
– Before installing the Security Policy, you need to enable HTTPS Inspection. Double-click the Security Gateway and select the HTTPS Inspection tab. Here you can import or create a new certificate. Select Create and set the DN (testlab.local) and a key password.
– Once the certificate is created, you need to export it so that it can be installed on the end user’s machine.
– Finally, select “Enable HTTPS Inspection” checkbox and select OK.
– We have completed the initial configuration for the HTTPS Inspection feature.
– Now we will create a new Inspection Policy. Go to the Application Layer and add a new rule.
– Set LanNetwork as the Source.
– In the Services & Applications column, add the Anonymizer and Social Networking categories.
– In column Action, select Drop > Blocked Message.
– Add another rule below and add Executable File in Content.
– Right-click on Any Direction and select Down, then set Action to Drop > Blocked Message.
– In the Cleanup rule, set Action to Accept and enable Detailed Log.
– Once completed, it will look like this:
– Select Install Policy to install the policy.
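The ordered-layer behaviour described above (Network layer first, then the Application layer with the three rules just created) can be modelled as follows. This is an added example, not Check Point code or part of the original article: it is a simplified first-match model, and the Network layer rule, the rule names and the `GuestNetwork` source are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                          # "Accept" or "Drop"
    source: Optional[str] = None         # None means Any
    categories: frozenset = frozenset()  # empty means Any
    content: Optional[str] = None        # file type in the Content column
    direction: Optional[str] = None      # "Down" or "Up"; None means Any Direction

    def matches(self, conn: dict) -> bool:
        return ((self.source is None or self.source == conn.get("source"))
                and (not self.categories or conn.get("category") in self.categories)
                and (self.content is None or self.content == conn.get("file_type"))
                and (self.direction is None or self.direction == conn.get("direction")))

@dataclass
class Layer:
    name: str
    rules: list
    implicit_cleanup: str                # applied when no rule in the layer matches

    def decide(self, conn: dict):
        for rule in self.rules:          # first matching rule wins
            if rule.matches(conn):
                return rule.action, rule.name
        return self.implicit_cleanup, "implicit cleanup"

def evaluate(layers, conn):
    """A Drop in any ordered layer is final; an Accept hands over to the next layer."""
    verdict = ("Drop", "no layers")
    for layer in layers:
        action, rule = layer.decide(conn)
        verdict = (action, f"{layer.name}: {rule}")
        if action == "Drop":
            break
    return verdict

# Network layer rule is assumed; the Application layer mirrors the rules built above.
POLICY = [
    Layer("Network", [Rule("LAN to Internet", "Accept", source="LanNetwork")], "Drop"),
    Layer("Application", [
        Rule("Block categories", "Drop", source="LanNetwork",
             categories=frozenset({"Anonymizer", "Social Networking"})),
        Rule("Block executables", "Drop", content="Executable File", direction="Down"),
        Rule("Cleanup rule", "Accept"),
    ], "Accept"),
]
```

Calling `evaluate(POLICY, conn)` with a constructed connection dictionary returns the final action and the layer and rule that decided it, which makes it easy to see that an upload of an executable still reaches the Cleanup rule while a download is dropped.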
– Before checking the Inspection Policy set up above, we will install the created certificate on the Lab User PC.
– Copy the certificate to the device on which you want to install it, open the certificate file and select Install Certificate.
– In the Certificate Import Wizard, select Local Machine.
– Select Yes.
– Select the Trusted Root Certification Authorities store to install to.
– Select Next.
– Complete the wizard.
– Open a browser and go to google.com. Select the lock icon to view the certificate.
– You can see that the google.com certificate has been changed to testlab.com. That means HTTPS Inspection is active: the Security Gateway decrypts and re-encrypts HTTPS traffic between the user and the web server.
– Now try accessing facebook.com. You may see a Certificate Error warning and be redirected to the IP address of the Security Gateway.
– Select Continue to this website and you will see the Block Message.
– View the certificate and install it.
– Try accessing Twitter. You will not see the Certificate Error warning and will only see the Block Message.
– To test the Content Awareness feature, try downloading an .exe file.
– The download will be blocked.
– Go back to the Security Policy and view the access logs.
!!! Thank you for following the article!!!