- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
So my team got assigned a service request from someone who is not able to access a website, I'm assuming the checkpoint firewall is blocking it or it could something else maybe a bluecoat or something that we use in our company that is blocking it, but if it really is the checkpoint that is blocking it how do I verify that? The URL filtering blade is responsible for that right? (I don't think we have url filled enabled on any of the firewalls but I could be wrong) , and if it does turn out that the checkpoint is blocking it how do I unblock it? And how do I know which firewall is blocking it? By looking at the logs? And to unblock it do I just have to create a simple rule?
Any help would be absolutely appreciated!
As you can see that was the ticket that was created, the trello.com website is apparently being blocked, no other details present besides the use case for accessing the website, since it's a Saturday I will have to ask on Monday for further details like error shown,etc.
Hi @kb1,
If the page is blocked you should see this in the log of the firewall or in the log of Symantec (Bluecoat) SG.
It's the wrong forum, but I can help you on the Bluecoat.
Create a trace file on the Bluecoat with the following steps:
1) Creat a new "Web Access Layer"
2) Move the Web Access Layer to position 1.
3) Now creat a rule with the destination www.trello.com and an action "trace file"
4) >>> Open the URL on the browser
5) Now check the trace file on the Bluecoat SG under https://<Bluecoat_IP>:8082/policy/ -> trace files
At the same time check the following on the Check Point gateway:
1) Resolve the IP via DNS name www.trello.com
2) Start "fw ctl zdebug drop | grep <www.trello.com_IP>
3) >>> Open the URL on the browser
This should let you see who is generating the issue.
Regards
Heiko
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY