This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
an_technical
Explorer
‎2025-12-17 09:48 AM
Jump to solution

Checkpoint Harmony Endpoint

Hi All,

 

I am deploying url filtering in checkpoint harmony endpoint. I changed url filtering to prevent mode by selecting  categories in adv settings.

 

I am getting only logs for block category/url not for allow url.

Is any configuration that need to be selected I am missing?

Regards

Ankur

 

 

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2025-12-17 10:02 AM
Jump to solution

I asked Support AI Copilot this question and here's what it came back with:

1. Access the Policy Settings

  • Go to:
    Policy → Threat Prevention → Web & Files Protection → Advanced settings

2. Enable Logging for Visited Sites

  • In the Advanced settings section, look for the option:
    • Allow logs for visited sites
  • This checkbox is not selected by default to prevent generating excessive logs.
  • Select (check) this option to log all visited (accepted) URLs.

Note:

  • This option may not be visible for all customers and is OFF by default.
  • Enabling this on a large number of endpoints can overwhelm your management server. It is recommended to enable it only for a small group of endpoints if you are troubleshooting or need detailed visibility.

A couple of notes about this:

  • If you are managing your Endpoints via an on-prem management server, this can only be done in the Web interface (not SmartEndpoint).
  • If you are using Infinity Portal, this will increase the log storage requirements in the cloud, particularly if it is enabled for a large user population.

View solution in original post

the_rock
MVP Diamond
MVP Diamond
‎2025-12-17 05:55 PM
Jump to solution

Not to compare AI copilot with MS copilot, but here is what MS one came up with (I choose think deeper setting, rather than auto or quick response, since we have fully licenses version)

*********************************

What to change

  1. Enable logging for allowed URLs

    • Go to: Policy → Threat Prevention → Web & Files Protection → Advanced settings.
    • Check the option “Allow logs for visited sites.”
      This is off by default to avoid massive log volumes. [community....kpoint.com]

  2. Be aware of scope and UI

    • This setting is available in the web management interface; it’s not in SmartEndpoint. If you’re managing on‑prem via SmartEndpoint only, you won’t see it because URL Filtering is not supported with SmartEndpoint (use the web UI/Infinity Portal). [community....kpoint.com], [sc1.checkpoint.com]

  3. (Optional) Cover non‑browser traffic

    • In the same Advanced settings → URL Filtering area, consider enabling “Network URL Filtering” so URLs opened by applications/processes (not just browsers) are also inspected and logged. [sc1.checkpoint.com]

Why you currently see only “block” logs

  • In Prevent mode, Harmony Endpoint stops access to selected categories and logs the block. Allowed traffic isn’t logged unless you enable Allow logs for visited sites. [sc1.checkpoint.com], [community....kpoint.com]
  • Switching a category to Detect will log detections while allowing access, but it doesn’t produce full “allow” visibility across all benign sites. The “Allow logs for visited sites” checkbox is what gives comprehensive allow logs. [sc1.checkpoint.com]

Where to see the logs (and forward them)

  • Infinity Portal → Harmony Endpoint Logs provides filters, views, and CSV export for endpoint events. [sc1.checkpoint.com]
  • Infinity Events offers a unified events view (including Harmony Endpoint) with customizable columns and 90‑day default retention. [sc1.checkpoint.com]
  • If you need to send these logs to a SIEM, set up Event Forwarding from Infinity Portal (Push to SIEM or Azure storage). [sc1.checkpoint.com]

Practical tips & cautions

  • Start small: Enabling allow‑logs for all endpoints can overwhelm storage/ingestion. Enable it for a test group first to gauge volume. [community....kpoint.com]
  • Browser plugin dependency: The Harmony Endpoint browser extension (SBA plugin) is used to gain full visibility into HTTP/HTTPS traffic; make sure it’s present (especially on Chrome/Edge). [community....kpoint.com]
  • Policy coverage: Double‑check your selected categories (and any deny list entries/wildcards) in Advanced settings → URL Filtering so your configuration matches your intent. [sc1.checkpoint.com]
Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2025-12-17 10:02 AM
Jump to solution

I asked Support AI Copilot this question and here's what it came back with:

1. Access the Policy Settings

  • Go to:
    Policy → Threat Prevention → Web & Files Protection → Advanced settings

2. Enable Logging for Visited Sites

  • In the Advanced settings section, look for the option:
    • Allow logs for visited sites
  • This checkbox is not selected by default to prevent generating excessive logs.
  • Select (check) this option to log all visited (accepted) URLs.

Note:

  • This option may not be visible for all customers and is OFF by default.
  • Enabling this on a large number of endpoints can overwhelm your management server. It is recommended to enable it only for a small group of endpoints if you are troubleshooting or need detailed visibility.

A couple of notes about this:

  • If you are managing your Endpoints via an on-prem management server, this can only be done in the Web interface (not SmartEndpoint).
  • If you are using Infinity Portal, this will increase the log storage requirements in the cloud, particularly if it is enabled for a large user population.
an_technical
Explorer
‎2025-12-17 10:13 PM
In response to PhoneBoy
Jump to solution

Okay. I don't see this option so its look like its off by default as I am using cloud portal.

 

 

 

 

Preview file
99 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2025-12-18 08:03 AM
In response to an_technical
Jump to solution

Open a TAC case: https://help.checkpoint.com 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-12-17 05:55 PM
Jump to solution

Not to compare AI copilot with MS copilot, but here is what MS one came up with (I choose think deeper setting, rather than auto or quick response, since we have fully licenses version)

*********************************

What to change

  1. Enable logging for allowed URLs

    • Go to: Policy → Threat Prevention → Web & Files Protection → Advanced settings.
    • Check the option “Allow logs for visited sites.”
      This is off by default to avoid massive log volumes. [community....kpoint.com]

  2. Be aware of scope and UI

    • This setting is available in the web management interface; it’s not in SmartEndpoint. If you’re managing on‑prem via SmartEndpoint only, you won’t see it because URL Filtering is not supported with SmartEndpoint (use the web UI/Infinity Portal). [community....kpoint.com], [sc1.checkpoint.com]

  3. (Optional) Cover non‑browser traffic

    • In the same Advanced settings → URL Filtering area, consider enabling “Network URL Filtering” so URLs opened by applications/processes (not just browsers) are also inspected and logged. [sc1.checkpoint.com]

Why you currently see only “block” logs

  • In Prevent mode, Harmony Endpoint stops access to selected categories and logs the block. Allowed traffic isn’t logged unless you enable Allow logs for visited sites. [sc1.checkpoint.com], [community....kpoint.com]
  • Switching a category to Detect will log detections while allowing access, but it doesn’t produce full “allow” visibility across all benign sites. The “Allow logs for visited sites” checkbox is what gives comprehensive allow logs. [sc1.checkpoint.com]

Where to see the logs (and forward them)

  • Infinity Portal → Harmony Endpoint Logs provides filters, views, and CSV export for endpoint events. [sc1.checkpoint.com]
  • Infinity Events offers a unified events view (including Harmony Endpoint) with customizable columns and 90‑day default retention. [sc1.checkpoint.com]
  • If you need to send these logs to a SIEM, set up Event Forwarding from Infinity Portal (Push to SIEM or Azure storage). [sc1.checkpoint.com]

Practical tips & cautions

  • Start small: Enabling allow‑logs for all endpoints can overwhelm storage/ingestion. Enable it for a test group first to gauge volume. [community....kpoint.com]
  • Browser plugin dependency: The Harmony Endpoint browser extension (SBA plugin) is used to gain full visibility into HTTP/HTTPS traffic; make sure it’s present (especially on Chrome/Edge). [community....kpoint.com]
  • Policy coverage: Double‑check your selected categories (and any deny list entries/wildcards) in Advanced settings → URL Filtering so your configuration matches your intent. [sc1.checkpoint.com]
Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events