Tuesday, April 21, 2020

Overhauling HTTPS Inspection policy: those with experience, how did you organize your policy?

Specifically using Check Point.

Old policy is a jumble of individual rules mixed with categories, mixed with applications, mixed with IPs (and there's a lot).

I'm thinking of dumping all the sites that don't play well with it into a custom application that has them as a list instead of a single rule, then adding categories, then applications (predefined and custom) beneath that.

However, reading over best practices, I don't actually see a lot of information on the best method to do this... Rather, don't mix applications with pre-defined categories.

E.g.: Dropbox AND "file storage/sharing"

Our rule base grew too cumbersome, thus causing it to go on the fritz and in some cases inspect bypass objects or not inspect when it should have. (Still happened with R80.30.)

Thanks for the help in advance.


