In every company you would have something called acceptable use policy. In that policy there will be lots of rules and regulations about what users are allowed to do. One of the rules can be for example that you cannot go to certain website categories like facebook, gaming, torrents, porn, you name it… And what is stopping users of going to that web sites? Yeah checkpoint can do that!
What if some social media web pages are OK, like facebook, however certain applications inside of these social media pages are not allowed – like farmwhile? How do we control what content can be allowed on allowed web pages? Thats the application control functionality in checkpoint!
But speaking more professionally HTTP is now the new TCP how they called. You can run over HTTP so many applications. Even word and excel is now available through your browser. They call it thin client applications. Thats why there is really need to have this application control to inspect HTTP and know what is inside of it.
By implementing app control and url filtering you can protect against:
- malware – not accessing pages containing virus can mitigate malware risks
- bandwidth abuse – you can also limit bw usage for certain web pages like youtube, facebook, etc…
- non-approved sites – you cant connect to pages that can harm internal resources of the company
Both application control and URL filtering are licensed features. You need to enable them on the FWs, then add some rules and push policy. Thats it, very simple 3 steps.
After enabling the app and url filtering feature you can start creating policy rules. You can see in the picture default policy created.
In the next picture I have added some rules to filter pornography which is blocked but also I allowed facebook and I am tracking it. Then the first rule limit the download and upload of all media stream services to 128 kbs. Prepare to have very unhappy users in company 😀