Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copper

Can anyone tell me how to unblock a website

So my team got assigned a service request from someone who is not able to access a website, I'm assuming the checkpoint firewall is blocking it or it could something else maybe a bluecoat or something that we use in our company that is blocking it, but if it really is the checkpoint that is blocking it how do I verify that? The URL filtering blade is responsible for that right? (I don't think we have url filled enabled on any of the firewalls but I could be wrong) , and if it does turn out that the checkpoint is blocking it how do I unblock it? And how do I know which firewall is blocking it? By looking at the logs? And to unblock it do I just have to create a simple rule?

Any help would be absolutely appreciated!

0 Kudos
4 Replies
Highlighted
Admin
Admin

What is the precise behavior the user experiences?
Can you provide screenshots?
From that we may be able to determine next course of action.
But in general, yes, you're looking at logs to see if the traffic is even going through the gateway, much less being blocked by it.
Then, yes, some sort of rule to allow that website.
What that looks like depends on what blade is blocking the traffic and what blades you have available.
0 Kudos
Highlighted
Copper

Screenshot_20200222-130512_Outlook.jpg

As you can see that was the ticket that was created, the trello.com website is apparently being blocked, no other details present besides the use case for accessing the website, since it's a Saturday I will have to ask on Monday for further details like error shown,etc.

0 Kudos
Highlighted

Hi @kb1,

If the page is blocked you should see this in the log of the firewall or in the log of Symantec (Bluecoat) SG.

It's the wrong forum, but I can help you on the Bluecoat. 

Create a trace file on the Bluecoat with the following steps:

1) Creat a new "Web Access Layer"
2) Move the Web Access Layer to position 1.
3) Now creat a rule with the destination www.trello.com and an action "trace file"
4)  >>> Open the URL on the browser
5)  Now check the trace file on the Bluecoat SG under https://<Bluecoat_IP>:8082/policy/  -> trace files

At the same time check the following on the Check Point gateway:

1) Resolve the IP via DNS name www.trello.com
2) Start "fw ctl zdebug drop | grep <www.trello.com_IP>
3) >>> Open the URL on the browser

This should let you see who is generating the issue.

Regards 
Heiko

Tags (1)
0 Kudos
Highlighted
Copper

Thank you very much for your suggestion, will try it out on Monday and provide an update.
0 Kudos