https://community.checkpoint.com/t5/Spark-Firewall-SMB/URLF-Blocked-vs-Reject/m-p/192778#M9500 <P>To generate a block page consistently, HTTPS Inspection must be enabled.<BR />This is because it is not possible to inject a block page once an HTTPS session starts because…it’s encrypted.<BR />In this situation, you will get the “can’t reach this page” error.<BR />In other words, this is expected behavior.</P> Fri, 15 Sep 2023 15:19:58 GMT PhoneBoy 2023-09-15T15:19:58Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/URLF-Blocked-vs-Reject/m-p/192753#M9499 <P>Why is some web traffic <STRONG>blocked</STRONG>, and other traffic <STRONG>rejected</STRONG>?&nbsp; I’m having problems with Facebook and YouTube.</P><P>I have a Spark 1500, R81.10.05, currently managed via the Infinity Portal Spark Management, but I’ve also turn off Cloud management and tried locally and get the same results.</P><P>I have HTTPS Inspection enabled.&nbsp; Trying to go back to basics, I’ve turn off all “bypass” categories:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="biskit_0-1694775304841.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22476i6FF5A5B307C39CD9/image-size/large?v=v2&amp;px=999" role="button" title="biskit_0-1694775304841.png" alt="biskit_0-1694775304841.png" /></span></P><P>&nbsp;</P><P>As a test I enabled URLF, in the <STRONG>Block Other… </STRONG>box I only have <STRONG>Media Streams</STRONG> selected.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="biskit_1-1694775304852.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22477iAB8D2AACF527B0E4/image-size/medium?v=v2&amp;px=400" role="button" title="biskit_1-1694775304852.png" alt="biskit_1-1694775304852.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="biskit_2-1694775304855.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22478i19E79C0E7D92B3E4/image-size/large?v=v2&amp;px=999" role="button" title="biskit_2-1694775304855.png" alt="biskit_2-1694775304855.png" /></span></P><P>&nbsp;</P><P>When I browse to <A href="https://vimeo.com" target="_blank">https://vimeo.com</A> I get a User Check block page.&nbsp; The log shows the connection as “Blocked” and I see the redirect.&nbsp; Great!&nbsp; That’s what I expect.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="biskit_3-1694775304860.jpeg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22479iD692C40A2DC9A806/image-size/large?v=v2&amp;px=999" role="button" title="biskit_3-1694775304860.jpeg" alt="biskit_3-1694775304860.jpeg" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>But…</P><P>When I browse to <A href="https://youtube.com" target="_blank">https://youtube.com</A> I do <STRONG>not</STRONG> get the block message.&nbsp; Instead I just get “can’t reach this page”, and the log shows a Reject, and also that HTTPS Inspection was bypassed.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="biskit_4-1694775304863.jpeg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22481i083C2B7ACDDF17FF/image-size/large?v=v2&amp;px=999" role="button" title="biskit_4-1694775304863.jpeg" alt="biskit_4-1694775304863.jpeg" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="biskit_5-1694775304865.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22480iD646A3E87E854BEE/image-size/large?v=v2&amp;px=999" role="button" title="biskit_5-1694775304865.png" alt="biskit_5-1694775304865.png" /></span></P><P>&nbsp;</P><P>Exactly the same thing happens when I add Facebook to the <STRONG><EM>Block Other…</EM></STRONG> group.&nbsp; It is rejected, HTTPS bypassed, and I get no User Check block message.</P><P>&nbsp;</P><P>Why do some sites get correctly categorised, blocked, and redirected to the User Check block page, while others are bypassed and rejected with no block message?&nbsp; Why is YouTube and Facebook HTTPS Bypassed and then rejected with no block message?</P> Fri, 15 Sep 2023 10:58:53 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/URLF-Blocked-vs-Reject/m-p/192753#M9499 biskit 2023-09-15T10:58:53Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/URLF-Blocked-vs-Reject/m-p/192778#M9500 <P>To generate a block page consistently, HTTPS Inspection must be enabled.<BR />This is because it is not possible to inject a block page once an HTTPS session starts because…it’s encrypted.<BR />In this situation, you will get the “can’t reach this page” error.<BR />In other words, this is expected behavior.</P> Fri, 15 Sep 2023 15:19:58 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/URLF-Blocked-vs-Reject/m-p/192778#M9500 PhoneBoy 2023-09-15T15:19:58Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/URLF-Blocked-vs-Reject/m-p/192779#M9501 <P>HTTPS Inspection <FONT color="#000000"><STRONG>is </STRONG>already&nbsp;</FONT>on.<BR />I've put the same Spark box onto a proper SmartCenter today and from limited testing, I think I'm seeing the same behaviour.&nbsp; &nbsp;All sites tested are HTTPS and some sites get the block message, others get the "page not found" message.&nbsp; &nbsp;I can't figure out a pattern at the moment.&nbsp; Maybe it's a Spark issue?&nbsp; I'll test further next week and compare the same policy installed to a non-Spark.</P><P>&nbsp;</P> Fri, 15 Sep 2023 16:08:53 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/URLF-Blocked-vs-Reject/m-p/192779#M9501 biskit 2023-09-15T16:08:53Z