https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/198242#M7809 <P>Hello any news?&nbsp;</P> Fri, 17 Nov 2023 08:57:15 GMT JulianAF 2023-11-17T08:57:15Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/196928#M7760 <P>Hello,</P><P>i'm trying to found my way. We actually configure laptops with only access to Citrix. The laptop are hybrid azure AAD. We need to keep the access to Azure (Entra), Teams and Citrix.</P><P>The problem is if i block access to internet,the Checkpoint will be blocked too and can't be updated and the only solution is to uninstall it. I put the execption xxx.<SPAN>epmgmt.checkpoint.com in the rule with allow but the traffic not passing by this rule.</SPAN></P><P><SPAN>Others problem is to allow teams or Azure, actually we can't add address fqdn like *.microsoft.com , it seems mandatory to add each subdomain xxx.address.com (!!!).&nbsp;</SPAN></P><P><SPAN>Any idea to found a easy solution?&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Thank you&nbsp;</SPAN></P> Thu, 02 Nov 2023 15:43:51 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/196928#M7760 JulianAF 2023-11-02T15:43:51Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/196936#M7761 <P>I would ask CP TAC for the most easy and efficient way of achieving your goal.</P> Thu, 02 Nov 2023 16:01:58 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/196936#M7761 G_W_Albrecht 2023-11-02T16:01:58Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/197008#M7764 <P>Thank you !</P> Fri, 03 Nov 2023 09:01:53 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/197008#M7764 JulianAF 2023-11-03T09:01:53Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/198242#M7809 <P>Hello any news?&nbsp;</P> Fri, 17 Nov 2023 08:57:15 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/198242#M7809 JulianAF 2023-11-17T08:57:15Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/205305#M8182 <P>I would also appreciate if there is any news on this matter ?</P> Wed, 07 Feb 2024 13:18:10 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/205305#M8182 scenarist 2024-02-07T13:18:10Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/205325#M8185 <P>Haha forgot this my friend.&nbsp;</P> Wed, 07 Feb 2024 14:07:39 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/205325#M8185 JulianAF 2024-02-07T14:07:39Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/206188#M8248 <P>Hello,</P><P>I'm seeking advice on the most effective method to block all outgoing internet traffic except for a select few websites. Currently, I've configured outbound firewall rules to permit access to the Harmony server, domain controllers (DNS and DHCP), internal networks, and the domain <A href="http://www.edition.cnn.com" target="_blank">www.edition.cnn.com</A>. All other connections are blocked.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="344.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24517i087E2DF9EEE0FEF8/image-size/large?v=v2&amp;px=999" role="button" title="344.png" alt="344.png" /></span></P><P>However, I've encountered two issues:</P><OL><LI>My anti-malware capabilities is unable to update, as it can't establish a connection to the server. I suspect that I need to add a rule for the Check Point Anti-Malware online database server?</LI></OL><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="343.png" style="width: 653px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24518i12E32B6CD5BD4039/image-size/large?v=v2&amp;px=999" role="button" title="343.png" alt="343.png" /></span></P><P>2.<SPAN>The second problem pertains to the slow loading of the </SPAN><A href="http://www.edition.cnn.com/" target="_new">www.edition.cnn.com</A><SPAN> webpage or any URLs I've allowed. However, when I removed the "clean up out" rule, I experienced significantly faster loading times for web addresses.</SPAN></P><P>I would greatly appreciate any suggestions or insights you could provide on these matters.</P><P>Thank you very much in advance.</P> Thu, 15 Feb 2024 14:20:59 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/206188#M8248 scenarist 2024-02-15T14:20:59Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/206262#M8250 <P>The problem with slow loading is most likely because todays websites will load resources from a whole lot of different domains that you did not allow.&nbsp;</P> <P>If you open web developer tools (F12) when loading edition.cnn.com you'll see that its fetching resources from all over the place.</P> <P>&nbsp;</P> Fri, 16 Feb 2024 06:32:04 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/206262#M8250 Sigbjorn 2024-02-16T06:32:04Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/206302#M8255 <P>I assumed that, and there is no way to solve that matter because every website have a lot of external resources.&nbsp;</P> Fri, 16 Feb 2024 14:01:56 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/206302#M8255 scenarist 2024-02-16T14:01:56Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/206304#M8256 <P>Hello to achieve this we use Cisco Umbrella and we can only permitt what we want. It's working very well.</P> Fri, 16 Feb 2024 14:07:38 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/206304#M8256 JulianAF 2024-02-16T14:07:38Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/207228#M8294 <P><SPAN>I can't believe that there is no way to solve this issue, and I will have to change the Harmony endpoint because of it.&nbsp;</SPAN></P><P>&nbsp;</P> Tue, 27 Feb 2024 08:22:47 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/207228#M8294 scenarist 2024-02-27T08:22:47Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/207237#M8296 <P>What is the response from CP TAC ?</P> <P>&nbsp;</P> Tue, 27 Feb 2024 09:00:40 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/207237#M8296 G_W_Albrecht 2024-02-27T09:00:40Z https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/207241#M8298 <P>Still nothing. I am still waiting...</P> Tue, 27 Feb 2024 09:15:16 GMT https://community.checkpoint.com/t5/Endpoint/Use-the-Harmony-firewall-to-block-all-access-to-internet-but/m-p/207241#M8298 scenarist 2024-02-27T09:15:16Z