maad-pul
Contributor

Application filter based on risk - do not include URL...

Hi All!

I have a customer that has exported a list from https://appwiki.checkpoint.com/appwikisdb/public.htm.

The customer will deny and permit some applications based on Risk 3-5 (Medium, High, Critical); around 50 applications should be permitted and the rest denied.

I have tried to figure out how I can build a policy for that...

I have created an Application/Site Group with "permitted" Applications and after that I have created a drop for "Critical Risk, High Risk and Medium Risk". My problem is that the above categories also include URLs that shouldn't be dropped.

How can I accomplish the above? To create a group with 10000 applications and drop them seems like the only solution that I have found, which will not be updated with new applications.

Does Check Point offer some kind of pre-defined group for "All Applications" or "Application Risk without URLs" that I haven't found?

Regards

Mattias

0 Kudos
5 Replies
PhoneBoy
Admin

The Risk categories you can use in objects refer to specific applications for which we have a signature (e.g. AppWiki).
They do not refer to URLs in general, for which you must use one of the URL filtering categories: https://usercenter.checkpoint.com/ucapps/

If your goal is to allow only specific sites and deny the rest, you want explicit allow rules created for those sites and those sites only. 

0 Kudos
maad-pul
Contributor

Well, Risk categories also include URL Filtering according to https://usercenter.checkpoint.com/ucapps/urlcat/categories

Medium Risk: Applications and Websites that may be misused and cause data leak / malware infection.

Which means if I use the "Medium Risk" for dropping Risk 3 (Medium Risk) applications, I will also drop URLs that Check Point has categorized in that section. My intention is just to drop applications and I can't find a nice way to build that filter....

Do you understand my problem? 

0 Kudos
PhoneBoy
Admin

If you are creating block rules based on broad categories, you may have to make exceptions to permit certain access.
There's a couple ways to do this:

See also: https://community.checkpoint.com/t5/Security-Gateways/Web-Filtering-Best-Practices-March-2025-Video-... 

0 Kudos
maad-pul
Contributor

Thanks for the information! A feature request from me would be to have either a pre-defined object with "All Applications" or Risk Categories segmented by Application and URL.

0 Kudos
PhoneBoy
Admin

For URL Filtering, there is a category called "URL Filtering" that matches anything in our URL Filtering database.
There is also an "Uncategorized" category that matches stuff that isn't there.
Also, the assumption is that URL Filtering is using specific web-based ports only.

Applications include things that aren't strictly Web Applications and/or don't use standard web ports.
Allowing access to "All Applications" would also allow access over the relevant ports as well, which would be overly broad and may create performance and/or security issues.
Also note that some application signatures do not work fully unless HTTPS Inspection is used.
Application categories/signatures must be explicitly permitted as a result.

0 Kudos
