topic Re: Does anyone know if there are any restrictions on scanning malicious URLs when using monitor mod in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168349#M30464 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/41270">@ChoiYunSoo</a>&nbsp;</P> <P>I think you are asking in the wrong board. The forum for Harmony Email &amp; Collaboration is here:&nbsp;<A href="https://community.checkpoint.com/t5/Email-and-Collaboration/bd-p/cloudguard-saas" target="_blank">https://community.checkpoint.com/t5/Email-and-Collaboration/bd-p/cloudguard-saas</A>.</P> <P>Thanks,</P> <P>Abigael</P> <P>&nbsp;</P> Thu, 19 Jan 2023 12:47:46 GMT Abigael_Levy 2023-01-19T12:47:46Z Does anyone know if there are any restrictions on scanning malicious URLs when using monitor mode? https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168347#M30463 <P>Hi</P><P>&nbsp;</P><P>Does anyone know if there are any restrictions on scanning malicious URLs when using monitor mode?</P><P>I am currently testing the check point e-mail security function in the internal environment in monitor mode.</P><P>Since it is a traffic mirror environment, MTA is disabled and only Threat Emulation, anti-virus, and anti-bot functions are enabled.</P><P>&nbsp;</P><P>Functions such as file emulation are showing satisfactory test results.</P><P>However, in the case of mailcious URLs attached to e-mails, it seems that they cannot be inspected properly in Monitor mode.</P><P>As far as I know, malicious URLs should generate logs after performing reputation-based inspection.</P><P>Reputation.However, in the current test environment, no logs related to URLs are left.</P><P>It looks like it probably doesn't perform any checks.</P><P>&nbsp;</P><P>I tested in a real environment, not a mirror environment, to check if the test URL information was incorrect.</P><P>In a real environment, I checked the normal URL inspection log as expected.</P><P>As mentioned at the beginning, if there are any restrictions when using the monitor mode in these inspection logics, please let us know.</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P> Thu, 19 Jan 2023 12:28:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168347#M30463 ChoiYunSoo 2023-01-19T12:28:29Z Re: Does anyone know if there are any restrictions on scanning malicious URLs when using monitor mod https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168349#M30464 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/41270">@ChoiYunSoo</a>&nbsp;</P> <P>I think you are asking in the wrong board. The forum for Harmony Email &amp; Collaboration is here:&nbsp;<A href="https://community.checkpoint.com/t5/Email-and-Collaboration/bd-p/cloudguard-saas" target="_blank">https://community.checkpoint.com/t5/Email-and-Collaboration/bd-p/cloudguard-saas</A>.</P> <P>Thanks,</P> <P>Abigael</P> <P>&nbsp;</P> Thu, 19 Jan 2023 12:47:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168349#M30464 Abigael_Levy 2023-01-19T12:47:46Z Re: Does anyone know if there are any restrictions on scanning malicious URLs when using monitor mod https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168354#M30465 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/27338">@Abigael_Levy</a>&nbsp;moved to more appropriate space</P> Thu, 19 Jan 2023 13:35:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168354#M30465 _Val_ 2023-01-19T13:35:43Z Re: Does anyone know if there are any restrictions on scanning malicious URLs when using monitor mod https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168381#M30466 <P>Anything usually done by the MTA cannot be done in this case, especially if the communication is TLS encrypted.</P> Thu, 19 Jan 2023 15:27:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168381#M30466 Chris_Atkinson 2023-01-19T15:27:45Z Re: Does anyone know if there are any restrictions on scanning malicious URLs when using monitor mod https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168421#M30467 <P>This is referring to a Quantum Security Gateway running off a Mirror Port, so unrelated to Harmony Email and Collaboration <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR />I believe MTA mode is required for scanning malicious URLs in email.<BR />We definitely won't see malicious URLs in SMTP traffic when running off a Mirror Port if TLS is used.<BR />Having said that, if you're seeing Threat Emulation for documents, malicious links inside of those documents should be scanned.</P> Thu, 19 Jan 2023 18:09:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-anyone-know-if-there-are-any-restrictions-on-scanning/m-p/168421#M30467 PhoneBoy 2023-01-19T18:09:53Z