topic Re: White list URL in Spark Firewall (SMB)

White list URL

roy_adir — Wed, 29 Nov 2017 18:32:48 GMT

Hi,

I'm using CheckPoint 790 appliance.
I'm trying to block all internal address outgoing to the internet except white list URL that I had made.
I set up the blade control regarding to the firewall policy on Strict mode, and now the last rule on Outgoing section on the policy is : Any- Internet - Block.
Above it, I made a manual rule says: Any - Internet - My white list URL and accept.

After this, no one can browse inside the organization to the internet to my White list.

I could have some help regarding to this, what do I do wrong?

thanks!

Re: White list URL

PhoneBoy — Thu, 30 Nov 2017 00:27:37 GMT

If you don't mind sharing, what is the URL in question?

Note that if it's an HTTPS URL, then you may also need to enable HTTPS Inspection.

Re: White list URL

roy_adir — Thu, 30 Nov 2017 09:06:57 GMT

Hi,

Thank you for your respond!

its a mixed of web site, banks and web sites related to work.

I may have on that list HTTPS web sites.

but the thing is, when i'm doing the steps I wrote above, no one have an internet at all.

on the logs, it says the user has blocked because of rule number 5 which is the auto generated rule was created due Strict option I did on Firewall blade:

Any- Internet - Block..

Re: White list URL

PhoneBoy — Thu, 30 Nov 2017 15:45:02 GMT

For some sites to be detected properly (particularly ones with HTTPS) you may need to enable HTTPS Inspection, which was added in the R70.20.70 firmware release.

If you do not do this, it is possible the gateway will not be able to detect the particular URL correctly.

If that's the case for all the URLs you've decided to whitelist, then the behavior you are seeing is expected.

Re: White list URL

roy_adir — Fri, 01 Dec 2017 16:26:04 GMT

That's helped, so thank you ver much for that!

however, I have one web site, which is HTTPS, and it doesnt have a certificate. so even with HTTPS inspection -

I cannot properly go into. only when i'm disable the inspection I can browse to it.

there is any way I can get his certificate from the owner and install it on the checkpoint?

if I can, how can I do it?

thank you!

Re: White list URL

PhoneBoy — Fri, 01 Dec 2017 17:00:35 GMT

A site can't be HTTPS without having a certificate.

However, HTTPS Inspection can fail for any number of reasons.

There should be logs that indicate why it is failing.