Post

Check Point App Control & Content Awareness

Posted
By Sena Perdiana 2 min read

URL Filtering: This blade controls access to websites by sorting them into categories, allowing us to easily block malicious or inappropriate sites to enforce our web usage policy.

Application Control: This feature provides granular control by identifying specific applications and their functions, letting us decide not just if a user can access a site, but what they are allowed to do there, like blocking a file upload while still permitting browsing.

Content Awareness: Acting as a Data Loss Prevention (DLP) engine, this blade inspects the actual data within files and traffic, blocking the transfer of any information that matches predefined sensitive content like confidential keywords or specific file types.

URL Filtering

Lets start off with URL Filtering, to do that we enable URL Filtering & Application Control Blades

x


Next we need to enable both Blades on the Policy Package, this will allow us to use the features on each policy rule

x


Then we create the policy, here we set up a simple URL Filtering policy where users are not allowed to access proxy sites in a pre-made bundle called Anonymizer

x


And when we test trying to access proxy sites, the connection will get blocked

x


On the logs we can see the traffic was blocked by the URL Filtering Blade

x


Application Control

Application Control lets us control the traffic even more granularly, for example instead of blocking the whole site, we will only block a upload operation, allowing users to browse and download but not not upload. To do this, Firewall needs to be able to inspect into the encrypted traffic over https using HTTPS Inspection Blade.


After that, we can set up a simple policy to block a specific upload operation of dropbox web

x


Now users can still access dropbox but any upload operation will result in a failure

x


On the logs side, we can see the traffic was dropped by the Application Control Blade

x


Content Awareness

Content Awareness give ever more granular control over the allowed traffic, instead of blocking an entire upload operation of a site, we can set this to only block a certain data type or content type of a file, forcing certain files to never leave the network while allowing others. To do this, first we enable the blade

x


We also enable the blade on the policy package

x


Then we can set up a simple rule to block any upload operation of microsoft word documents

x


Now if we try uploading any docx files, it will be blocked while other file types are allowed

x


The logs also show this block is the work of Content Awareness Blade

x


Other than file type, we can also control files based on their content, hence the name content awareness, here we set up a rule to block any files that contains name ‘Top_Secret’

x


Now any files with name Top_Secret will also get dropped

x

x


Security, Check Point
Check Point
This post is licensed under CC BY 4.0 by the author.