Xem mẫu

Application Control and URL Filtering R75.40 Administration Guide 12 March 2012 Classification: [Protected] © 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses. Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=13943 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com). For more about this release, see the home page at the Check Point Support Center (http://supportcontent.checkpoint.com/solutions?id=sk67581) Revision History Date 12 March 2012 Description First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Application Control and URL Filtering R75.40 Administration Guide). Contents Important Information.........................................................................................3 Introduction to Application Control and URL Filtering.......................................6 The Need for Application Control.......................................................................6 The Need for URL Filtering................................................................................6 The Check Point Solution for Application Control and URL Filtering....................7 Main Features ..................................................................................................7 Glossary...........................................................................................................7 Getting Started....................................................................................................9 Application Control and URL Filtering Licensing and Contracts...........................9 Enabling Application Control on a Gateway........................................................9 Enabling URL Filtering on a Gateway ..............................................................10 Creating an Application Control and URL Filtering Policy..................................10 Creating Rules ...........................................................................................10 Managing Application Control and URL Filtering.............................................16 The Policy Rule Base......................................................................................16 Default Rule and Monitor Mode...................................................................16 Parts of the Rules.......................................................................................17 Limit Objects..............................................................................................21 Hit Count....................................................................................................23 UserCheck Interaction Objects....................................................................26 The Application and URL Filtering Database....................................................30 Security Category Updates.........................................................................30 Application Categories................................................................................30 Application Risk Levels...............................................................................31 Using the AppWiki......................................................................................31 Updating the Application and URL Filtering Database..................................31 The Application and URL Filtering Overview Pane ...........................................33 My Organization.........................................................................................33 Messages and Action Items........................................................................33 Detected in My Organization.......................................................................33 Top Users..................................................................................................33 AppWiki..........................................................................................................33 Gateways Pane..............................................................................................34 Applications/Sites Pane ..................................................................................34 Creating Applications or Sites.....................................................................34 Creating Categories ...................................................................................35 Creating Application or Site Groups ............................................................35 Exporting and Importing Applications or Sites..............................................35 Advanced Settings for Application and URL Filtering........................................37 HTTP Inspection on Non-Standard Ports.....................................................37 Overriding Categorization ...........................................................................37 HTTPS Inspection...........................................................................................38 How it Operates .........................................................................................38 Configuring Outbound HTTPS Inspection....................................................39 Configuring Inbound HTTPS Inspection.......................................................41 The HTTPS Inspection Policy.....................................................................42 Gateways Pane..........................................................................................46 Adding Trusted CAs for Outbound HTTPS Inspection..................................47 HTTPS Validation.......................................................................................48 HTTP/HTTPS Proxy...................................................................................51 HTTPS Inspection in SmartView Tracker.....................................................52 HTTPS Inspection in SmartEvent................................................................53 Engine Settings..............................................................................................54 Fail Mode...................................................................................................54 Check Point OnlineWeb Service ................................................................54 Connection Unification................................................................................54 Web Browsing............................................................................................55 Application Control Backwards Compatibility...............................................55 Application and URL Filtering and Identity Awareness......................................55 Using Identity Awareness in the Application and URL Filtering Rule Base.....56 Identifying Users Behind a Proxy ................................................................57 Legacy URL Filtering ......................................................................................57 Terminology...............................................................................................57 Architecture................................................................................................57 Configuring Legacy URL Filtering................................................................58 Application Control and URL Filtering in SmartView Tracker..........................59 Log Sessions..................................................................................................59 Application Control and URL Filtering Logs......................................................59 Viewing Logs..................................................................................................60 Predefined Queries ....................................................................................60 Permissions for Logs..................................................................................60 Application Control and URL Filtering in SmartEvent......................................62 Event Analysis in SmartEvent or SmartEvent Intro...........................................62 Viewing Information in SmartEvent..................................................................62 Viewing Information in SmartEvent Intro..........................................................63 The SmartEvent Intro Overview Page .........................................................63 Application Control and URL Filtering Event Queries ...................................63 Configuring UserCheck ....................................................................................65 Configuring the Security Gateway for UserCheck.............................................65 UserCheck CLI...............................................................................................66 Revoking Incidents .........................................................................................67 UserCheck Client..............................................................................................68 UserCheck Client Overview.............................................................................68 UserCheck Requirements...............................................................................68 Enabling UserCheck Client..............................................................................69 Client and Gateway Communication................................................................69 Option Comparison ....................................................................................69 File Name Based Server Discovery.............................................................70 Active Directory Based Configuration ..........................................................71 DNS Based Configuration...........................................................................73 Getting the MSI File........................................................................................75 Prepackaging with the CPMSI_TOOL .........................................................75 Distributing and Connecting Clients.................................................................76 UserCheck with Check Point Password Authentication ................................77 Helping Users.................................................................................................77 Setting up a Mirror Port ....................................................................................78 Technical Requirements..................................................................................78 Configuring a Mirror Port.................................................................................78 Connecting the Gateway to the Traffic.........................................................79 Configuring the Interface as a Mirror Port ....................................................79 Checking that itWorks................................................................................79 Removing the Mirror Port............................................................................79 Index .................................................................................................................81 ... - tailieumienphi.vn
nguon tai.lieu . vn