https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166454#M27732 <P><STRONG><A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Creating-Application-Control-and-URL-Filtering-Rules.htm?tocpath=Creating%20an%20Access%20Control%20Policy%7C_____6" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Creating-Application-Control-and-URL-Filtering-Rules.htm?tocpath=Creating%20an%20Access%20Control%20Policy%7C_____6</A></STRONG></P> <P><STRONG><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112249" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112249</A></STRONG></P> <P><STRONG><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk73220" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk73220</A></STRONG></P> Mon, 02 Jan 2023 09:27:50 GMT G_W_Albrecht 2023-01-02T09:27:50Z https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166452#M27731 <P>I have checkpoint firewall and when I create custom application/sites by default it creates services like http, https, HTTP_proxy, and HTTPS_proxy and I have two questions regarding this, the first one is what are this services used for in the Application/sites the second is usually I used to block malicious or suspicious urls through this application/sites object category the question is which place is best to place these app/sites groups either on the destination or in the services section on the rule base?</P><P>Regards,</P><P>&nbsp;</P> Mon, 02 Jan 2023 09:04:30 GMT https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166452#M27731 ihenock101 2023-01-02T09:04:30Z https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166454#M27732 <P><STRONG><A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Creating-Application-Control-and-URL-Filtering-Rules.htm?tocpath=Creating%20an%20Access%20Control%20Policy%7C_____6" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Creating-Application-Control-and-URL-Filtering-Rules.htm?tocpath=Creating%20an%20Access%20Control%20Policy%7C_____6</A></STRONG></P> <P><STRONG><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112249" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112249</A></STRONG></P> <P><STRONG><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk73220" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk73220</A></STRONG></P> Mon, 02 Jan 2023 09:27:50 GMT https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166454#M27732 G_W_Albrecht 2023-01-02T09:27:50Z https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166466#M27733 <P>Those services typically represent the default ones to which URL filtering / AppC policy is applied unless you have the non-standard ports option enabled.</P> <P>The latter depends on the object type, "domain" objects can be used in the destination of a FW/Access policy but a site/category is typically in the services column depending on the blades enabled.</P> <P>&nbsp;</P> Mon, 02 Jan 2023 12:22:20 GMT https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166466#M27733 Chris_Atkinson 2023-01-02T12:22:20Z https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166482#M27734 <P>There are a couple different ways to block URLs:</P> <UL> <LI>Adding them as part of Custom Application/Site objects in the Access Policy (requires a policy install to change)</LI> <LI>Using ioc_feeds with the AV/AB Blades:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk132193&amp;partition=Basic&amp;product=Anti-Virus," target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk132193&amp;partition=Basic&amp;product=Anti-Virus,</A></LI> <LI>In R81.20, using a Network Feed object:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Network_Feed.htm?Highlight=Network%20feed" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Network_Feed.htm?Highlight=Network%20feed</A></LI> </UL> <P>ioc_feeds doesn’t use the Access Policy at all.<BR />For the other two methods, you can put the relevant object in the Access Policy with appropriate rules to block traffic to and from those IPs.</P> Mon, 02 Jan 2023 14:32:10 GMT https://community.checkpoint.com/t5/General-Topics/Creating-Malicious-URL/m-p/166482#M27734 PhoneBoy 2023-01-02T14:32:10Z