Ihenock1011
Collaborator

Allowing web access

Hi All,

I want to allow web access for a user. Will allowing HTTPS traffic on the firewall blade grant web access, or is it necessary to also allow specific websites or applications in the app/URL blade? 

Thanks

0 Kudos
8 Replies
the_rock
Legend

Sounds like you want to allow them access to any site?

0 Kudos
Ihenock1011
Collaborator

@the_rock Yeah, but not social media web access only.

0 Kudos
the_rock
Legend

See if my post below helps, except you can skip the SSL inspection part, but that's sort of the point for HTTPS sites. Anyway, in your case, you need URL filtering enabled, and you can block the social media category, BUT it will look goofy when the user sees it, as the block page will NEVER come up without SSL inspection enabled. So, first rule blocks that category, make sure URLF is enabled on the layer, then the 2nd rule allows access to the Internet, that's it.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Https-inspection-lab-guide/m-p/214429#M40929

0 Kudos
Ihenock1011
Collaborator

Thanks, Andy. You've always been very helpful. That means for every access allowed/blocked on the firewall blade there must be an equivalent rule on the app/URL blade?

0 Kudos
the_rock
Legend

Yes and no. The whole point of doing it the blacklist way and NOT the whitelist way in the URLF layer is because IF you, say, had an any any drop at the bottom of that layer, ALL traffic would get dropped, as it has to be allowed on EVERY ordered layer. So say, just as a stupid example, if someone had 100 ordered layers and traffic was allowed on 99 of them and the last, 100th layer had an any any drop at the bottom, EVERYTHING would be dropped.

Makes sense?

Also, keep in mind that it's better traffic processing for the URLF blade when you do the blacklist approach, because in the first network layer, you allow traffic to the Internet, but since traffic has to traverse EVERY ordered layer, you block whoever you need to block from getting to whatever site in that 2nd layer you see in my guide.

Andy
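
The ordered-layer behaviour described in the reply above, as an added example that is not part of the original post and is not Check Point code: a simplified Python model in which the first matching rule decides within a layer and a connection must be accepted by every layer. The rule names, layer names, sample destinations and the drop-when-nothing-matches default are assumptions of the model.

```python
# Simplified model of ordered policy layers (added example, not Check Point code).
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    category: str  # URL category to match, or "any"
    action: str    # "accept" or "drop"

def first_match(rules, conn):
    """Within one layer the first matching rule decides."""
    for rule in rules:
        if rule.category in ("any", conn["category"]):
            return rule
    # Assumption of this model: nothing matched means drop.
    return Rule("implicit cleanup", "any", "drop")

def evaluate(layers, conn):
    """Accept only if every ordered layer accepts; report where a drop happened."""
    for layer_name, rules in layers:
        rule = first_match(rules, conn)
        if rule.action == "drop":
            return ("drop", layer_name, rule.name)
    return ("accept", None, None)

NETWORK = ("network", [Rule("allow Internet", "any", "accept")])

# Blacklist style: block the category, then allow the rest.
URLF_BLACKLIST = ("urlf", [Rule("block social media", "social media", "drop"),
                           Rule("allow rest", "any", "accept")])

# Same block rule, but with an any/any drop at the bottom of the layer.
URLF_DROP_BOTTOM = ("urlf", [Rule("block social media", "social media", "drop"),
                             Rule("any any drop", "any", "drop")])

# Constructed sample connections.
NEWS = {"dst": "news.example", "category": "news"}
SOCIAL = {"dst": "social.example", "category": "social media"}

if __name__ == "__main__":
    for label, urlf in (("blacklist", URLF_BLACKLIST), ("drop at bottom", URLF_DROP_BOTTOM)):
        for conn in (NEWS, SOCIAL):
            print(label, conn["dst"], evaluate([NETWORK, urlf], conn))
```

With the blacklist layer only the social media connection is dropped; with the drop at the bottom, the news connection is dropped in the URL filtering layer even though the network layer accepted it.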

the_rock
Legend

Does that help, @Ihenock1011, or would you feel more comfortable if we did a remote session, so I can show you my lab? Though my lab is pretty much the same as what I put in the screenshots.

Andy

0 Kudos
Ihenock1011
Collaborator

@the_rock It helps a lot, but I would love to see it demonstrated in a lab practical. We can do it tomorrow 14/2024 8:00AM-5:00PM. Send me the link by private message. Thanks a lot.

0 Kudos
the_rock
Legend

Just message me directly tomorrow.

Andy

0 Kudos
