Application Control

This tutorial will show how to apply an Application Control policy on a Checkpoint appliance. An Application Control policy blocks or allows specific application traffic from entering an enterprise network, access to websites such as YouTube and Twitter can be denied. In this tutorial, the web applications YouTube and Twitter will be blocked.

Step 1: Power up the Check Point Appliance Connect the power supply to the appliance. The appliance is ON when the power LED is blue. Step 2: Connecting to the Firewall Connect the administrative computer to the firewall’s ethernet port number 1 with an ethernet cable.

Ensure the computer’s connected interface has DHCP enabled and has received an address from the firewall within the 192.168.1.0/24 range, similar to the example below.

On a web browser, type https://192.168.1.1:4434 on the address bar to reach the First Time Configuration Wizard

Step 3 First Time Configuration On the Welcome to the First Time Configuration Wizard, click next. On the Authentication Detail page, change the default administrator password, then click next.

On the Appliance Date and Time Settings Page, set the time manually and specify the date, time, and time zone, then click next

On the Appliance Name page, the defaults can be kept, then click next. On the Security Policy Management page, ensure Local management is selected, the click next.

On the Internet connection page, ensure the “Configure Internet connection later” option is selected, then click next.

On the Local Network page, keep all settings default, then click next. On the Administrator Access page, select the “Any IP address option”, then click next. On the Appliance Registration page, click next.

On the software Blades Activation page, ensure all Software blades are selected, then click next, then finish.

Step 4 Internet Configuration

On the Gaia Portal, on the Blade on the left side, navigate to Device > Network > Internet, and click Configure Internet.

Keep default settings and click apply. Wait and ensure that the appliance receives an IP address and status is connected. Step 5 Setting up Application Control Navigate to Access Policy > Firewall > Policy and click New under Outgoing access to the Internet. On the new rule, ensure the source is any, destination is Internet, and action is block.

Change the Application / Service to X (Twitter) and click apply; the rule should look like the following:

Repeat the previous steps to make another rule to block X (Twitter) Clients. Repeat the step again to make another rule to block YouTube.

The result will cause clients to be unable to secure a connection to YouTube or Twitter

Team:

Elias Planas Jeffrey Tarnai Zhaoyang Zhu

Last updated 4 months ago

On this page