https://community.checkpoint.com/t5/Spark-Firewall-SMB/APPC-and-URLF-on-SMB-appliances/m-p/46636#M1797 <P>Hi guys!<BR /><BR />I'm having a hard time configuring a navigation policy on a SMB appliance. It's really not working as intended as far as i'm concerned.<BR /><BR />I was wandering if a good practice would be to allow "network protocols" category as it contains OCSP, NCSI, ssl, and other network protocols designed for navigation but im worried if this would allow pages i dont want to allow.&nbsp;<BR /><BR />I also find it works kinda randomly and sometimes i dont really dig how it works, sometimes it matches an application, sometimes the same petition does not match the application.</P><P><BR />Lan Networks as a source should match identity awareness connections?&nbsp;</P><P>Should i place a rule allowing "network protocols"?</P><P>Does anyone has any expirience on this and has already a template/good practice for nailing this?<BR /><BR />Thanks in advance</P><P>&nbsp;</P> Tue, 12 Mar 2019 20:20:56 GMT Juan_Lobera 2019-03-12T20:20:56Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/APPC-and-URLF-on-SMB-appliances/m-p/46636#M1797 <P>Hi guys!<BR /><BR />I'm having a hard time configuring a navigation policy on a SMB appliance. It's really not working as intended as far as i'm concerned.<BR /><BR />I was wandering if a good practice would be to allow "network protocols" category as it contains OCSP, NCSI, ssl, and other network protocols designed for navigation but im worried if this would allow pages i dont want to allow.&nbsp;<BR /><BR />I also find it works kinda randomly and sometimes i dont really dig how it works, sometimes it matches an application, sometimes the same petition does not match the application.</P><P><BR />Lan Networks as a source should match identity awareness connections?&nbsp;</P><P>Should i place a rule allowing "network protocols"?</P><P>Does anyone has any expirience on this and has already a template/good practice for nailing this?<BR /><BR />Thanks in advance</P><P>&nbsp;</P> Tue, 12 Mar 2019 20:20:56 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/APPC-and-URLF-on-SMB-appliances/m-p/46636#M1797 Juan_Lobera 2019-03-12T20:20:56Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/APPC-and-URLF-on-SMB-appliances/m-p/46679#M1798 <DIV class="cp_h2_black"><SPAN>I think it is quite tough to block and allow all websites. If you read sk112249:&nbsp;</SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112249&amp;partition=General&amp;product=Application" target="_self">Best Practices - Application Control </A>It would be helpful..</DIV><DIV class="cp_h2_black">&nbsp;</DIV><DIV class="cp_link_block"><DIV>&nbsp;</DIV></DIV> Wed, 13 Mar 2019 04:46:21 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/APPC-and-URLF-on-SMB-appliances/m-p/46679#M1798 Gomboragchaa 2019-03-13T04:46:21Z