topic Re: Checkpoint as a Proxy-Block Page in Firewall and Security Management

Checkpoint as a Proxy-Block Page

Nikolaos_Liakop — Wed, 06 Apr 2022 20:55:23 GMT

I am well aware of the fact that when a user visits a "blocked" http url , CP will redirect the user to a UserCheck block page.

Can the aforementioned behavior be accomplished with HTTPs urls as well and without https inspection enabled ?

Also, provided that I configure Checkpoint as a non-transparent proxy and that I only have "HTTPs Categorize Sites" enabled, if my users visit a https web page that gets blocked by the URL filtering blade, will CP return to the user a UserCheck Block Page ?

Re: Checkpoint as a Proxy-Block Page

the_rock — Wed, 06 Apr 2022 23:43:38 GMT

I dont think there is any way to have that behavior without inspection enabled, because in that case, yes, page wont work, but block notification will never come up, as there is nothing to be intercepted by the firewall, since the inspection cert that would have been presented when https inspection is on, would not be there.

Re: Checkpoint as a Proxy-Block Page

PhoneBoy — Thu, 07 Apr 2022 03:30:16 GMT

HTTPS Inspection must be enabled for HTTPS UserCheck pages to work as a redirect is required, which requires injecting a redirect into the connection.
That can’t be done without decrypting and reencrypting the traffic.