This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MINHYEOK2487
Explorer
a month ago

Gaia WebUI becomes inaccessible when URL Filtering is enabled (SMS without internet access)

Environment:

  • Appliance: Quantum Security Gateway 9000 series
  • Version: (R82.0 / Take 39)
  • SMS: No external internet connectivity

Issue: When URL Filtering blade is enabled on a 9000-series gateway, the Gaia Web UI becomes completely inaccessible.

Suspected cause: I suspect this may be related to the URL Filtering categorization database update process. Since the SMS has no external internet access, the gateway may fail to reach the Check Point cloud for DB updates, and this failure might somehow block or interfere with Gaia WebUI access.

Questions:

  1. Is there a known dependency between URL Filtering DB fetch and Gaia WebUI availability?
  2. Is there a way to pre-download the URL Filtering DB offline, or disable the cloud lookup while keeping the blade active?

Any guidance or relevant SKs would be appreciated. Thank you.

Labels
0 Kudos
5 Replies
Martijn
MVP
MVP
a month ago

Hi,

Can you tell us a little bit more about your setup? Which web GUI is inaccessible? Gateway or SMS?
Is this connection going through the gateway?

Please take a look at: 

sk92743 - ATRG: URL Filtering

The URL Filtering database is a online service the gateways connect to and get the correct category for a URL.
The result is cached for future lookups.

Unless you have a Private Threat Cloud appliance, to my knowledge there is no offline database.

What do you see in the logging?

Regards,
Martijn

0 Kudos
MINHYEOK2487
Explorer
a month ago
In response to Martijn

Hi Martijn,

Thank you for your response.

  1. The Gaia WebUI on the gateway becomes inaccessible — not the SMS.
  2. Even when connecting through the UTP MGMT interface, the WebUI is still inaccessible.

Thank you.

0 Kudos
Martijn
MVP
MVP
a month ago
In response to MINHYEOK2487

Hi,

- Is there an access rule blocking web traffic to the gateway?
- Is SSH access possible?
- Is the web portal configured to listen on another port? You can check with show web ssl-port
- Is there by accident a NAT rule configured for the IP you are connecting to?
- Is your IP in the list of allowed hosts within the Gaia configuration? show allowed-clients all

Have you made a trace with tcpdump to see if traffic is coming in and is answered?

Unlikely URL Filtering is causing this issue. 

If all of the above is OK, I would follow the advice and open a case with TAC.

Martijn

the_rock
MVP Diamond
MVP Diamond
a month ago

If you have any relevant logs you can attach, it would definitely help.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
a month ago

URL Filtering is handled through cloud-based lookups and doesn't have an offline database to download.
No idea why it would cause issues with the Gaia WebUI; suggest opening a TAC case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events