https://community.checkpoint.com/t5/Spark-Firewall-SMB/User-Check-Page-only-showing-up-for-some-devices/m-p/62687#M2384 Are you managing the policy for this SMB device locally via WebUI or from Central Management?<BR /><BR />The difference in block page behavior would be explained by using HTTPS Inspection on some segments, but not others.<BR />Are you using it?<BR /><BR />This would also explain why 9gag is not being correctly detected in some instances.<BR />This is because 9gag is using CloudFlare for DDoS protection, which uses a wildcard TLS certificate unrelated to 9gag.<BR />With HTTPS Inspection, we can see what site the user is going to.<BR />Without HTTPS Inspection, we have to rely on SNI detection, something the SMB codebase does not do currently.<BR />For non-SMB gateways, this functionality was added In R80.30.<BR /><BR /> Fri, 13 Sep 2019 00:30:51 GMT PhoneBoy 2019-09-13T00:30:51Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/User-Check-Page-only-showing-up-for-some-devices/m-p/62620#M2383 <P>I am currently configuring URL Filtering on a Check Point 1430.&nbsp; I have 2 LANs coming in. Comcast Network (CN) and Plant Network (PN). There is also a DMZ configuring on the firewall. There is a Domain running on the networks. The DC sits solely on PN.</P><P>&nbsp;</P><P>For example, I'm trying to block <A href="https://www.netflix.com" target="_blank">https://www.netflix.com</A> and <A href="https://www.9gag.com" target="_blank">https://www.9gag.com</A></P><P>&nbsp;</P><P>On my phone 1, going through CN WiFi, I get the User Check Page when accessing either page.</P><P>On Desktop 1, not on domain, using a local user account, and hardwired into CN, I get the User Check Page when accessing 9gag. When accessing Netflix, I get Connection Failed screen.</P><P>On&nbsp; desktop 2, not on domain, using a local Admin account, using CN WiFi, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.</P><P>On desktop 2, not on domain, using a local Admin account, hardwired into CN, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.</P><P>On a VM 1, on domain, using an Admin account for Domain, Hard Wired into either PN or DMZ, both sites are blocked with the User Check Page</P><P>&nbsp;</P><P>Priority is making sure things are blocked on WiFi, specifically phones and iPads, so the works can't access sites they shouldn't be with them.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 12 Sep 2019 14:30:29 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/User-Check-Page-only-showing-up-for-some-devices/m-p/62620#M2383 HunterMathews 2019-09-12T14:30:29Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/User-Check-Page-only-showing-up-for-some-devices/m-p/62687#M2384 Are you managing the policy for this SMB device locally via WebUI or from Central Management?<BR /><BR />The difference in block page behavior would be explained by using HTTPS Inspection on some segments, but not others.<BR />Are you using it?<BR /><BR />This would also explain why 9gag is not being correctly detected in some instances.<BR />This is because 9gag is using CloudFlare for DDoS protection, which uses a wildcard TLS certificate unrelated to 9gag.<BR />With HTTPS Inspection, we can see what site the user is going to.<BR />Without HTTPS Inspection, we have to rely on SNI detection, something the SMB codebase does not do currently.<BR />For non-SMB gateways, this functionality was added In R80.30.<BR /><BR /> Fri, 13 Sep 2019 00:30:51 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/User-Check-Page-only-showing-up-for-some-devices/m-p/62687#M2384 PhoneBoy 2019-09-13T00:30:51Z