This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TaylorHung
Explorer
‎2023-02-22 12:23 AM

Can't block URL, APP

Hello everyone,

I configured block web youtube by url and Microsoft Team by application control but it doesn't work, I can reach it.

Where did I misconfigure and how to fix it ? 

Thanks a lot.

Regards,

TaylorHung

Preview file
50 KB
0 Kudos
14 Replies
TomerM
Employee Alumnus
Employee Alumnus
‎2023-02-22 12:36 AM

Hello TaylorHung,
it is difficult to troubleshoot without further information. I suggest either contacting TAC or if you can add a screenshot of the configuration you used?
*Remember this is a public forum. Make sure you do not share any personal data (IPs, passwords etc..)   

0 Kudos
TaylorHung
Explorer
‎2023-02-22 12:41 AM
In response to TomerM

I have attaced a picture of the policy configuration. You can check for me ?

Preview file
50 KB
0 Kudos
TomerM
Employee Alumnus
Employee Alumnus
‎2023-02-22 01:05 AM
In response to TaylorHung

Sorry I did not see the pic.
Policy rule looks ok.
Make sure you have added a new layer to the policy including the applications&URL Filtering there
If the issue is not resolved I recommend opening a ticket to TAC

 

 



Preview file
168 KB
0 Kudos
TaylorHung
Explorer
‎2023-02-22 01:27 AM
In response to TomerM

Yep, I  enabled the application and URL Filtering but it doesn't work 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-02-22 05:24 AM
In response to TaylorHung

As @G_W_Albrecht advised, check the logs, see where its accepted and we can better assist. Rule loos fine, but that on its own does not mean much, unless we can see from the logs why its being accepted.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Sorin_Gogean
Advisor
‎2023-02-22 05:49 AM
In response to TaylorHung

Hello TaylorHung,

Like others were stating, we're missing some information like what you defined in those Applications/URL Filtering objects.
Any reason you did not used the YouTube Application defined by Checkpoint ?

Youtube:
Youtube_Capture.JPG

MSTeams:
TeamsCapture.JPG


Thank you,

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-22 02:56 AM
In response to TaylorHung

What is shown in Logs ? If you use Any as Source instead of Admin ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
TaylorHung
Explorer
‎2023-02-23 06:20 PM
In response to G_W_Albrecht

Hello Albrecht,

I tried it, it didn't work. i cant understand. I think this is product trial then block URL

0 Kudos
RS_Daniel
Advisor
Advisor
‎2023-02-22 04:36 AM

Hello,

Can you share a picture showing what you have insie "Youtube.com" object? I usually block Youtube using the pre-defined application object "Youtube" + a custom Application site with following DNS names: youtube.com, *.youtube.com. Maybe you will need to add more DNS names, you can check the entire list in the Certificate Subject Alternative Name section in youtube's  certificate, it will also depends what you are seeing in logs, try searching by IP and port 443 with profile Access Control on logs, you can check wich sites is browsing that IP (check image).

About teams, i always used the updatable object to allow deny this traffic, check if that is feasible for you it will be easier. Never tried with APC/URL blades. HTH

Logs.png

Regards

 

 

0 Kudos
TaylorHung
Explorer
‎2023-02-23 06:10 PM
In response to RS_Daniel

Hello Daniel, 

I have defined application youtube with dns name: youtube.com, *.youtube.com, *.youtube.com.*  but it doesn't work

Regards

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-02-22 04:36 AM

Is HTTPS inspection enabled and how are those App/URL/service objects defined?

If your end users are using the Chrome browser, does your policy block QUIC traffic?

Note we have built-in objects such as:

Youtube.png

CCSM R77/R80/ELITE
0 Kudos
TaylorHung
Explorer
‎2023-02-23 06:14 PM
In response to Chris_Atkinson

Hello  Chris_Atkinson,

I  attached the picture. I don't think that Checkpoint can't block URL.

How to fix that if you know.

Thanks a lot 

Preview file
30 KB
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-02-23 06:20 PM
In response to TaylorHung

I always do the way you do it, except I simply add *youtube*, works like a charm. You can follow same logic for any other website.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
_Val_
Admin
Admin
‎2023-02-24 12:58 AM
In response to TaylorHung

You did not answer the question. Do you have HTTPS Inspection enabled? If not, the application you defined will not be detected on TLS traffic, which is 100% of Youtube.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events