https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22905#M4565 <HTML><HEAD></HEAD><BODY><P>Deamon and Gunther,</P><P></P><P>Thanks for the answers. I agree that using URLF is the best possible solution. I am trying to figure out what is the best solution if I can't route end users traffic through the gateway.&nbsp;I am thinking about Endpoint security with URLF blade will be a suitable replacement but it is not deployed at the moment. what do you think?</P></BODY></HTML> Thu, 30 Aug 2018 08:13:53 GMT Shahar_Grober 2018-08-30T08:13:53Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22896#M4556 <HTML><HEAD></HEAD><BODY><P>I had an interesting discussion about&nbsp;performing URL filtering using DNS only instead of&nbsp;URLs which allows faster resolving and will allow controlling of remote offices internet traffic without deploying URL Filtering on remote gateways or force redirection of internet traffic through the&nbsp;corporate gateway. This means that all DNS requests from remote offices are inspected by the gateway and allowed/blocked based on the DNS&nbsp;resolving. I know that the Anti-bot uses DNS for malicious website and also according to the "the&nbsp;R80.x Security Gateway Architecture (Content Inspection)" the RAD is using DNS as well but I am wandering if the URL filtering can be done based on the DNS request of the remote hosts or the http/https connection has to be opened and pass through the gateway.</P><P></P><P>This is similar to OpenDNS solution for Web Content filtering&nbsp;<A class="link-titled" href="https://support.opendns.com/hc/en-us/articles/227988047-Web-Content-Filtering-and-Security" title="https://support.opendns.com/hc/en-us/articles/227988047-Web-Content-Filtering-and-Security">Web Content Filtering and Security – OpenDNS</A>.&nbsp;</P><P></P><P>Any insights are welcome.&nbsp;</P></BODY></HTML> Tue, 28 Aug 2018 12:01:30 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22896#M4556 Shahar_Grober 2018-08-28T12:01:30Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22897#M4557 <HTML><HEAD></HEAD><BODY><P>i would suggest&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92743&amp;partition=Advanced&amp;product=URL">sk92743 ATRG: URL Filtering</A> for technical details.</P></BODY></HTML> Tue, 28 Aug 2018 12:06:52 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22897#M4557 G_W_Albrecht 2018-08-28T12:06:52Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22898#M4558 <HTML><HEAD></HEAD><BODY><P>I already&nbsp;looked at it.&nbsp;There is no mention to use of DNS by URLF or RAD</P><P></P><H2 style="color: #333333; background-color: #ffffff; font-weight: bold; font-size: 22px; padding: 10px 0px 0px;">L Filtering Categorization Flow</H2><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;"><IMG alt="" src="https://sc1.checkpoint.com/sc/SolutionsStatics/sk73220/urlf_categorization_a.png" style="border: none;" /></P><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;"><IMG alt="" height="210" src="https://sc1.checkpoint.com/sc/SolutionsStatics/sk73220/urlf_categorization_b.png" style="border: none;" width="630" /></P><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;"></P><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;">although the "<SPAN style="color: #333333;">R80.x Security Gateway Architecture (Content Inspection)" says that there is use of DNS with RAD</SPAN></P><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;"></P><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;"><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/69887_pastedImage_1.png" /></P><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;"></P><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;">It would be nice to know if Check Point can support the scenario in my original question or not&nbsp;</P></BODY></HTML> Tue, 28 Aug 2018 12:14:29 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22898#M4558 Shahar_Grober 2018-08-28T12:14:29Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22899#M4559 <HTML><HEAD></HEAD><BODY><P>I do not think that this is possible - URLF checks the URL in the internal database first and, if niot successfull, sends a request to online detection service. So, no DNS is contacted here before the URL categorization is finished. The OpenDNS solution rather&nbsp;is a competitor&nbsp;to CP URLF with very a small set of features.</P></BODY></HTML> Tue, 28 Aug 2018 13:15:35 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22899#M4559 G_W_Albrecht 2018-08-28T13:15:35Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22900#M4560 <HTML><HEAD></HEAD><BODY><P>Thanks for the information <SPAN style="text-decoration: underline;">Gunthar,</SPAN>&nbsp;</P><P>No argue that CP can provide better functionality than OpenDNS. I was just wandering if Check Point can provide similar functionality giving the fact that the infrastructure already exist with Anti-bot to block malicious DNS requests</P></BODY></HTML> Tue, 28 Aug 2018 13:23:06 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22900#M4560 Shahar_Grober 2018-08-28T13:23:06Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22901#M4561 <HTML><HEAD></HEAD><BODY><P>CP is using very similar functionality, but does not disguise itself as DNS server <span class="lia-unicode-emoji" title=":winking_face:">😉</span> Did you read sk31727 and sk35484 already ?</P></BODY></HTML> Tue, 28 Aug 2018 14:12:09 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22901#M4561 G_W_Albrecht 2018-08-28T14:12:09Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22902#M4562 <HTML><HEAD></HEAD><BODY><P>This is good information. bottom line is that&nbsp;Check Point&nbsp;<SPAN style="color: #000000; background-color: #ffffff; font-size: 14px;">products do not implement DNS server functionality and therefore cannot perform URL filtering based on DNS requests.&nbsp;</SPAN></P><P></P></BODY></HTML> Tue, 28 Aug 2018 14:44:02 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22902#M4562 Shahar_Grober 2018-08-28T14:44:02Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22903#M4563 <HTML><HEAD></HEAD><BODY><P>DNS doesn't factor into URL filtering at all.</P><P>The main problem with using DNS as I see it is that a number of sites could use the same IP address.</P><P>You may allow access to some sites on the same IP, but block others.</P><P>Also I could access a given IP without doing a DNS lookup (e.g. Because of caching, poisoned or otherwise).</P></BODY></HTML> Tue, 28 Aug 2018 15:03:42 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22903#M4563 PhoneBoy 2018-08-28T15:03:42Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22904#M4564 <HTML><HEAD></HEAD><BODY><P>Let me put it like this: With OpenDNS, you&nbsp;use the DNS lookup for performing URLF. With CP URLF, no DNS request will be made at all if the URL is blocked.</P></BODY></HTML> Wed, 29 Aug 2018 07:31:28 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22904#M4564 G_W_Albrecht 2018-08-29T07:31:28Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22905#M4565 <HTML><HEAD></HEAD><BODY><P>Deamon and Gunther,</P><P></P><P>Thanks for the answers. I agree that using URLF is the best possible solution. I am trying to figure out what is the best solution if I can't route end users traffic through the gateway.&nbsp;I am thinking about Endpoint security with URLF blade will be a suitable replacement but it is not deployed at the moment. what do you think?</P></BODY></HTML> Thu, 30 Aug 2018 08:13:53 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22905#M4565 Shahar_Grober 2018-08-30T08:13:53Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22906#M4566 <HTML><HEAD></HEAD><BODY><P>Either Endpoint URLF or Capsule Cloud would be reasonable in these cases.</P><P>Both would work regardless of where the end users are.</P></BODY></HTML> Thu, 30 Aug 2018 15:37:42 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22906#M4566 PhoneBoy 2018-08-30T15:37:42Z https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22907#M4567 <HTML><HEAD></HEAD><BODY><P>I agree with <A href="https://community.checkpoint.com/migrated-users/61362">Shahar Grober</A>‌<BR />it will be better if Checkpoint can perform dns filtering instead of relying on 3rd party appliances such as infoblox or other dns firewall outside.</P></BODY></HTML> Thu, 13 Dec 2018 09:03:21 GMT https://community.checkpoint.com/t5/General-Topics/URL-Filtering-using-DNS/m-p/22907#M4567 Ranokarno_Ranok 2018-12-13T09:03:21Z