topic Re: Blocking Deepseek Access in General Topics

Blocking Deepseek Access

Libor_Kovar — Fri, 11 Jul 2025 09:49:29 GMT

Hello, I am using CP UTM1 v 80.40.

Advise, pls:

We are now obliged by goverment to block access to Deepseek AI. How to do that ?

We are using IPS, AntiBot , Application Control . (Geoplicy, too)

No Https inspection in place. Can I set it up just involving Deep seek webs ?

Many thanks

Re: Blocking Deepseek Access

Chris_Atkinson — Fri, 11 Jul 2025 09:54:10 GMT

Please upgrade to a supported version and enable SSL inspection for best results.

Re: Blocking Deepseek Access

the_rock — Fri, 11 Jul 2025 12:16:55 GMT

I would just add custom app object and include *deepseek* in it. I attached a screenshot of what I meant. I cant guarantee it will work if you dont have inspection enabled, but worth a try. My bad, I typed *deepsake* in the screenshot, but I meant *deepseek*

Andy

Re: Blocking Deepseek Access

Tal_Paz-Fridman — Fri, 11 Jul 2025 13:47:54 GMT

Why not use the predefined DeepSeek Application?

Re: Blocking Deepseek Access

the_rock — Fri, 11 Jul 2025 13:49:49 GMT

I definitely missed it before, was looking for it : - )

Andy

Re: Blocking Deepseek Access

Tal_Paz-Fridman — Fri, 11 Jul 2025 14:05:03 GMT

Hi Andy,

Make you have the lastest database update.

Thanks

Tal

Re: Blocking Deepseek Access

the_rock — Fri, 11 Jul 2025 14:06:30 GMT

Hey Tal,

Yes, definitely do, just missed it when I searched for it.

Andy

Re: Blocking Deepseek Access

Libor_Kovar — Fri, 11 Jul 2025 14:25:41 GMT

I am not seeing it either. How to force the Db update on 80.40 ? My version is from 22.6.2024 😞 despite I use scheduled update

Re: Blocking Deepseek Access

the_rock — Fri, 11 Jul 2025 14:33:49 GMT

I would upgrade to R81.20 if you can, since R80.40 is not supported.

Andy

Re: Blocking Deepseek Access

Chris_Atkinson — Sat, 12 Jul 2025 00:31:26 GMT

Is your JHF & SmartConsole at least the latest for the version and have an active license & support contacts?

Re: Blocking Deepseek Access

the_rock — Sat, 12 Jul 2025 15:16:08 GMT

From my lab.

Andy

[Expert@CP-FW-01:0]# more appi_status.C
(
:status (0)
:status_short_desc ()
:status_long_desc ()
:app_update_status (new)
:app_update_description ("Gateway was updated with database version: 60
72501.")
:app_next_update_description ("The next update will be run as scheduled
.")
:app_db_version (6072501)
:urlf_status_code (0)
:urlf_status_short_description ()
:urlf_status_long_description ()
:appi_rad_status_code (0)
:appi_rad_status_description ("Application Control Engine is up and run
ning")
:urlf_rad_status_code (0)
:urlf_rad_status_description ("URL Filtering engine is up and running")
:app_subscription_expiration_date ("Wed Jul 30 19:12:15 2025")
:app_subscription_status (valid)
:app_subscription_description ("Contract is up to date.")
:urlf_subscription_expiration_date ("Wed Jul 30 19:12:15 2025")
:urlf_subscription_status (valid)
:urlf_subscription_description ("Contract is up to date.")
)
[Expert@CP-FW-01:0]#
[Expert@CP-FW-01:0]#
[Expert@CP-FW-01:0]#
[Expert@CP-FW-01:0]#
[Expert@CP-FW-01:0]#
[Expert@CP-FW-01:0]#
[Expert@CP-FW-01:0]# pwd
/opt/CPsuite-R81.20/fw1/appi/update
[Expert@CP-FW-01:0]#

Re: Blocking Deepseek Access

Libor_Kovar — Mon, 14 Jul 2025 07:54:07 GMT

Hi, thanks for all replies.

yes, I have valid contracts.

Smart Console is R80.40 994000435

mgmt and GW are R80.40 JHF Take 211

I am not allowed by our IT mgmt to install the new main version .

I understand, that I have unsupported version of MGMT and GW engines as themselves , but expected, that updating the protections of all kind should work, as we pay subscriptions.

IPS and other threat signatures are up-to-date.

How come, that APP control & URLFiltering has creation date as of 22.9.2024 . I setup scheduled updates , but even I do it manually, it silently brings nothing? Thus, that Deepseek signature is missing

Re: Blocking Deepseek Access

Libor_Kovar — Mon, 14 Jul 2025 08:00:51 GMT

Hi, thanks.

Strange , this all I found:

pwd
/opt/CPsuite-R80.40/fw1/appi/update

[Expert@utm1:0]# more appi_status.C
(
:status (0)
:status_short_desc ()
:status_long_desc ()
:app_update_status (up-to-date)
:app_update_description ("Gateway is up to date. Database version: 2072501.")
:app_next_update_description ("The next update will be run as scheduled.")
:app_db_version (2072501)
:urlf_status_code (0)
:urlf_status_short_description ()
:urlf_status_long_description ()
:urlf_subscription_status ()
:urlf_subscription_expiration_date ()
:urlf_subscription_description ()
:appi_rad_status_code (0)
:appi_rad_status_description ("Application Control Engine is up and running")
:urlf_rad_status_code (0)
:urlf_rad_status_description ()
:app_subscription_expiration_date ("Sun Mar 1 00:00:00 2026")
:app_subscription_status (valid)
:app_subscription_description ("Contract is up to date.")
)

Re: Blocking Deepseek Access

Libor_Kovar — Mon, 14 Jul 2025 08:08:37 GMT

Hello, thank you. It's on my plane. In the mean time, I set this rule up on our endpoint protection policy (TM Apex One).

I mean , that if I do it, like inserting https: to these links, I don't need the https inspection, for now, until I will have the app signature.

Re: Blocking Deepseek Access

the_rock — Mon, 14 Jul 2025 10:01:48 GMT

I recall once when I had an issue where AI category was not showing, when I updated smart console gui, all worked fine.

Andy

Re: Blocking Deepseek Access

Chris_Atkinson — Mon, 14 Jul 2025 10:08:02 GMT

Is the DoH application also missing for you per sk165873?

Re: Blocking Deepseek Access

the_rock — Mon, 14 Jul 2025 11:43:08 GMT

@Libor_Kovar Hope it helped?

Andy

Re: Blocking Deepseek Access

Libor_Kovar — Mon, 14 Jul 2025 12:33:53 GMT

You're the best !! sk165873 helpe to update DB and get DoH and Deepseek !!!

sk165873 - User fails to find DNS over HTTPS (DoH) application in SmartConsole

There is a script to run and fix it

Many thanks you all !

Re: Blocking Deepseek Access

the_rock — Mon, 14 Jul 2025 12:37:17 GMT

Good sk, never knew of it before, amazing! Glad we can help bro, @Chris_Atkinson is great!

Andy

Re: Blocking Deepseek Access

the_rock — Tue, 15 Jul 2025 13:03:06 GMT

I only have R82 to check atm and it shows different. Not sure if thats right one for R80.40, but it does show up to date.

Andy