Check Point: Application Control with Security Gateway

1. What is Application Control?

Application Control is a Check Point feature that lets the firewall:

Identify and control applications based on their traffic, not just port/protocol.

So it is not limited to:

  • Port 80 = HTTP
  • Port 443 = HTTPS

It can also recognize:

  • Facebook
  • YouTube
  • Zoom
  • BitTorrent

even though they all use the same port (443).

2. Purpose of Application Control

  1. Control risky applications (torrent, anonymizing proxies)
  2. Limit bandwidth usage
  3. Enforce application-based policy (no longer IP/port)
  4. Visibility: know which applications users are running

3. How It Works (Technical Flow)

  1. The user accesses the internet (for example, opens YouTube)
  2. Traffic enters the Security Gateway
  3. The Application Control engine performs:
     • Deep Packet Inspection (DPI)
     • Signature matching
     • Behavioral analysis
  4. The application is identified (for example: YouTube)
  5. The firewall matches it against the policy
  6. Action:
     • Allow / Block / Limit / Track

4. Key Components

1. Application Control Blade

  • Database of thousands of applications
  • Updates from the Check Point cloud

2. Security Gateway

  • Inspects traffic in real time
  • Identifies applications even when they use HTTPS

3. Management Server

  • Where policy is defined in SmartConsole

Application Identification Techniques

Check Point does not look only at the port, but at a combination of:

1. Signature-Based Detection

  • Patterns unique to an application

  Example: YouTube and Netflix traffic patterns

2. Protocol Decoding

  • Decodes the application layer (HTTP, HTTPS, DNS, etc.)

3. Behavioral Analysis

  • How the application communicates (flow, session)

4. Heuristics + Cloud Lookup

  • Queries the cloud database when the application is not recognized

5. HTTPS Handling (Important!)

Because many applications use HTTPS:

Without SSL Inspection:

Detection is based on:

  • SNI
  • IP reputation
  • known signatures

With SSL Inspection:

The full traffic is visible → more accurate

This is very important for:

  • YouTube vs YouTube CDN
  • Facebook vs Facebook Chat

Example Policy in SmartConsole

For example:

  • Source: Internal_Network
  • Destination: Internet
  • Application/Site: YouTube, Facebook, BitTorrent
  • Action: Block
  • Track: Log

Or more granular:

  • Application/Site: YouTube
  • Action: Allow

  • Application/Site: BitTorrent
  • Action: Block

6. Conclusion

Application Control in Check Point:

  • Controls traffic based on application

  • Uses DPI + signatures + behavior analysis

  • Is very powerful when combined with:

    • URL Filtering
    • SSL Inspection
    • Identity Awareness

Topology


1. Pre-Setup

  • Enable the Application Control and URL Filtering blades.

  • Click Policy and edit the policy.

  • Check Application and URL Filtering.

  • Install the policy to activate the Application Control and URL Filtering features.

  • Click Install.

  • Verify the Application Control and URL Filtering licenses on the Check Point device.

  • Test the connection to the destination website before blocking traffic.

Block Social Media

  • Create the policy as shown below and click Install Policy.
  • Click Install.
  • Test the connection again after creating the policy to block traffic to facebook.com.




Thank you all.