JulianAF
Explorer

Use the Harmony firewall to block all access to internet but with exception

Hello,

I'm trying to find my way. We actually configure laptops with only access to Citrix. The laptops are hybrid Azure AAD. We need to keep the access to Azure (Entra), Teams and Citrix.

The problem is that if I block access to the internet, Check Point will be blocked too and can't be updated, and the only solution is to uninstall it. I put the exception xxx.epmgmt.checkpoint.com in the rule with allow, but the traffic is not passing through this rule.

Another problem is allowing Teams or Azure: actually we can't add an FQDN address like *.microsoft.com, it seems mandatory to add each subdomain xxx.address.com (!!!).

Any idea to find an easy solution?

 

Thank you 

0 Kudos
12 Replies
G_W_Albrecht
Legend

I would ask CP TAC for the most easy and efficient way of achieving your goal.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JulianAF
Explorer

Thank you !

0 Kudos
JulianAF
Explorer

Hello, any news?

0 Kudos
scenarist
Contributor

I would also appreciate it if there is any news on this matter?

0 Kudos
JulianAF
Explorer

Haha forgot this my friend. 

0 Kudos
scenarist
Contributor

Hello,

I'm seeking advice on the most effective method to block all outgoing internet traffic except for a select few websites. Currently, I've configured outbound firewall rules to permit access to the Harmony server, domain controllers (DNS and DHCP), internal networks, and the domain www.edition.cnn.com. All other connections are blocked.

However, I've encountered two issues:

  1. My anti-malware capability is unable to update, as it can't establish a connection to the server. I suspect that I need to add a rule for the Check Point Anti-Malware online database server?

  2. The second problem pertains to the slow loading of the www.edition.cnn.com webpage or any URLs I've allowed. However, when I removed the "clean up out" rule, I experienced significantly faster loading times for web addresses.

I would greatly appreciate any suggestions or insights you could provide on these matters.

Thank you very much in advance.

0 Kudos
Sigbjorn
Advisor

The problem with slow loading is most likely because today's websites will load resources from a whole lot of different domains that you did not allow.

If you open web developer tools (F12) when loading edition.cnn.com you'll see that it's fetching resources from all over the place.

 

0 Kudos
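What the reply above describes, as an added example that is not part of the original thread: a Python sketch that reads a HAR export from the browser's developer tools (F12, Network tab) and lists the hostnames a page requested that an exact-match FQDN allowlist does not cover. The sample HAR, the example.net and example.org hostnames, and the function names are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: a trimmed HAR export. Every hostname other than
# www.edition.cnn.com is a made-up placeholder, not real page data.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.edition.cnn.com/"}},
    {"request": {"url": "https://www.edition.cnn.com/css/main.css"}},
    {"request": {"url": "https://cdn.example.net/lib.js"}},
    {"request": {"url": "https://cdn.example.net/font.woff2"}},
    {"request": {"url": "https://ads.example.org/pixel.gif"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
]}})


def hosts_in_har(har_text):
    """Count requests per hostname; entries without a host (data:, blob:) are skipped."""
    counts = Counter()
    for entry in json.loads(har_text)["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname
        if host:
            counts[host.lower().rstrip(".")] += 1
    return counts


def split_by_allowlist(counts, allowed):
    """Exact-match comparison, mirroring a rule base that has no wildcard FQDNs."""
    allowed = {a.lower().rstrip(".") for a in allowed}
    permitted = {h: n for h, n in counts.items() if h in allowed}
    blocked = {h: n for h, n in counts.items() if h not in allowed}
    return permitted, blocked


if __name__ == "__main__":
    # Assumed allowlist: only the site named in the thread.
    permitted, blocked = split_by_allowlist(
        hosts_in_har(SAMPLE_HAR), ["www.edition.cnn.com"]
    )
    print("permitted:", permitted)
    for host, n in sorted(blocked.items(), key=lambda kv: -kv[1]):
        print(f"not on allowlist: {host} ({n} requests)")
```

Each host reported as not on the allowlist is a connection the browser attempts and the cleanup rule drops, which is where the page-load delay comes from.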
scenarist
Contributor

I assumed that, and there is no way to solve that matter because every website has a lot of external resources.

0 Kudos
JulianAF
Explorer

Hello, to achieve this we use Cisco Umbrella and we can only permit what we want. It's working very well.

0 Kudos
scenarist
Contributor

I can't believe that there is no way to solve this issue, and I will have to change the Harmony endpoint because of it. 

 

0 Kudos
G_W_Albrecht
Legend

What is the response from CP TAC?

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
scenarist
Contributor

Still nothing. I am still waiting...

0 Kudos
