This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gomboragchaa
Advisor
‎2018-08-10 03:13 AM

Application Control can not catch Opera web browser VPN

Hello,

I am trying to block Facebook and any other social site from our internal network. Also we blocking all Anonymizer and Tunnels Application group. 

But users are using Opera Web Browser's default VPN proxy extension. They surfing over internet.

Application Control has already Opera applications signature. Unfortunately Check Point can't catch the Opera VPN connections.

Rule on Firewall:

On Opera Browser:

Settings > Privacy & Security > Enable VPN

Result: 

Next Step:

I did HTTPS Inspection on my PC. Finally Firewall detecting Opera VPN and rule working.

But we don't want to use HTTPS Inspection. 

7 Replies
Danny
Champion Champion
Champion
‎2018-08-10 03:53 AM

Just block these domains and you are fine:

  • api.surfeasy.com
  • de0.opera-proxy.net
  • api.sec-tunnel.com
  • sitecheck2.opera.com
  • opera-mini.net
Gomboragchaa
Advisor
‎2018-08-10 04:11 AM
In response to Danny

Unfortunately, still same Smiley Sad

0 Kudos
Danny
Champion Champion
Champion
‎2018-08-10 05:58 AM
In response to Gomboragchaa

What is your SmartLog showing for the traffic that is permitted?

0 Kudos
Gomboragchaa
Advisor
‎2018-08-10 06:32 AM
In response to Danny

No any logs on SmartLog... 

0 Kudos
Danny
Champion Champion
Champion
‎2018-08-10 07:07 AM
In response to Gomboragchaa

Enable logging and also check via fw monitor for related traffic connections.

0 Kudos
Gomboragchaa
Advisor
‎2018-08-13 12:35 AM
In response to Danny

I used fw monitor on our firewall.

From src=192.168.0.172 to dst=77.111.245.14.

I think it is Proxy server IP. The it sending packet to Facebook.

I blocked 77.111.245.14 IP on rule. But it connecting another IP.

Sorry for my poor English

0 Kudos
Gomboragchaa
Advisor
‎2018-08-27 08:23 AM

Found a solution.

1. Activate “Categorize HTTPS websites” option from Application Control and URL Filter blade advanced settings.

Open Smartconsole > Manage and Settings > Blades > Application Control & URL Filter "Advanced Settings" > Activate “Categorize HTTPS websites”

2. After changes, it isn’t affect immediately and must to wait or clear connection table. But I prefer the reboot 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top