Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Using URLF in Endpoint Security Client

Jump to solution

Hi,

I am looking at policy in SmartEndpoint. There is a section for URL Filtering, however I don't see anything about URL filtering in the documentation? 

 

How / where is URLF policy defined? And how is it enforced? Is a security gateway required? Can URLF be  enforced on an endpoint client that is not on the corporate network?

Thanks, 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Admin
Admin
There is a URL Filtering feature in Endpoint that is not included in any of the SBA SKUs.
In fact, it's a hidden SKU you must purchase separately and requires what can best be described as "unique" implementation process requiring configuration in the Network Access Policy (not SmartEndpoint).
That version is...being deprecated.
We have a new implementation of URL Filtering that is built into the SBA browser plugin that is included in the regular SBA SKUs.
This is currently in Early Availability, and only supported in Chrome and only with Endpoint Management as a Service (not on-prem management).

View solution in original post

10 Replies
Highlighted
Admin
Admin
There is a URL Filtering feature in Endpoint that is not included in any of the SBA SKUs.
In fact, it's a hidden SKU you must purchase separately and requires what can best be described as "unique" implementation process requiring configuration in the Network Access Policy (not SmartEndpoint).
That version is...being deprecated.
We have a new implementation of URL Filtering that is built into the SBA browser plugin that is included in the regular SBA SKUs.
This is currently in Early Availability, and only supported in Chrome and only with Endpoint Management as a Service (not on-prem management).

View solution in original post

Highlighted

Thanks for the reply. 

So do you think that - for endpoint - the preferred future might be specifically for cloud based management? Is on-prem management for it only going to support a subset of features? 

0 Kudos
Highlighted
Admin
Admin
My guess is that it will ultimately be supported for on-premise management as well with the same features.
Or at least I haven't heard it won't be.
Highlighted
Employee+
Employee+

We are aiming for feature parity between cloud management and on on-prem. In some cases there might be temporary gaps, until we complete support on both, but this is the goal.

In the future, on-prem will even be managed by the same web UI which you see today on the cloud management

 

Having said that, I do recommend organizations to use the cloud if they can.

Even if the features are the same, there are large operational benefits you get from using the cloud management:

 

On the cloud environment, it is our task to maintain the server, keeping it healthy and happy. This is a load we are taking off your hands. Saving you time and money.

Also, as we manage thousands of such environments, there is a very high chance that any issue that will happen on your env. is something we have already seen before and know how to fix. Or even better, something we already seen before and therefor mitigated it on your env. before it even happened.

We understand some orgs can’t move to cloud management due to regulations or internal constrains and therefore we will keep giving them a similar on-prem capabilities.

 

Lior

0 Kudos
Highlighted
Employee+
Employee+

This is our old URLF, we have a new one that can be enabled through our web management - https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/SandBlast-Agent-Management-Pl...

You don't need a GW to use it, it will be enforced on the agent's level and is based on our browser extension.

For on-prem deployments, it will be rolling out as part of our next release "R81", yet again it will be available only through our web management interface.

0 Kudos
Highlighted
Ivory

The biggest issue is having to use the plugins for browsers due to the fact that if the end user picks a browser not supported then they can go to any site they want and the URL filtering will not work.  Enterprise URL filtering really needs a method that is not dependent on browser version or type.  

Highlighted
Admin
Admin

As noted, this is in EA and we are planning to support additional browsers.

Chrome is, by far, the most popular browser, though, and you can enforce browser plugin usage with GPO and similar.

As to whether the Filtering is only done in the plugin or its merely used to provide a better experience to the end user, I'll leave that to @Kobie_Bendalak and others to answer.

0 Kudos
Highlighted

Using a browser extension for URLF is a pretty solid way to go... aside from some proxy / pac or other shim... and it should work nicely for http and https sites alike.

From a enforcement perspective, hopefully it will be an easier pill to swallow now that Chrome and Edge run on the same engine. I assume Firefox will be supported also? As for the continued use of Internet Explorer... I hope it goes away soon. It's 2020 people. Yeesh 😉

For managing the SBA version of URLF, it is web-based.... and once it is made available for on-prem management (R81), it will still be web-managed... meaning that there will be a web portal to admin the feature opposed to using SmartConsole or SmartEndpoint. (just making sure I understand this right)

For endpoint management in general though, SaaS based management is recommended unless there is some regulation or other rule requiring on-prem management. I get this, as - with the little experience I have so far - managing management can sometimes be a barrier - or a slow down maybe -  to managing security policy / enforcement. Especially when  we are a small team and responsible for all IT admin stuff.

For this though - if our internal "roadmap" was to get gateways and management (network and endpoint) all rolling into SmartEvent - how would SaaS management impact that?

Thanks!
~D

0 Kudos
Highlighted
Admin
Admin
First of all, SmartEvent should be part of the "Management as a Service" offerings. 🙂
I believe you can export the logs from here to an on-premise SmartEvent as well.
0 Kudos
Highlighted
Gotcha. Thanks for the help!
0 Kudos