Re: Can't block URL, APP

TaylorHung · ‎2023-02-22

Hello everyone,

I configured block web youtube by url and Microsoft Team by application control but it doesn't work, I can reach it.

Where did I misconfigure and how to fix it ?

Thanks a lot.

Regards,

TaylorHung

TomerM · ‎2023-02-22

Hello TaylorHung,
it is difficult to troubleshoot without further information. I suggest either contacting TAC or if you can add a screenshot of the configuration you used?
*Remember this is a public forum. Make sure you do not share any personal data (IPs, passwords etc..)

TaylorHung · ‎2023-02-22

I have attaced a picture of the policy configuration. You can check for me ?

TomerM · ‎2023-02-22

Sorry I did not see the pic.
Policy rule looks ok.
Make sure you have added a new layer to the policy including the applications&URL Filtering there
If the issue is not resolved I recommend opening a ticket to TAC

TaylorHung · ‎2023-02-22

Yep, I enabled the application and URL Filtering but it doesn't work

the_rock · ‎2023-02-22

As @G_W_Albrecht advised, check the logs, see where its accepted and we can better assist. Rule loos fine, but that on its own does not mean much, unless we can see from the logs why its being accepted.

Andy

Best,
Andy

Sorin_Gogean · ‎2023-02-22

Hello TaylorHung,

Like others were stating, we're missing some information like what you defined in those Applications/URL Filtering objects.
Any reason you did not used the YouTube Application defined by Checkpoint ?

Youtube:

MSTeams:

Thank you,

G_W_Albrecht · ‎2023-02-22

What is shown in Logs ? If you use Any as Source instead of Admin ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

TaylorHung · ‎2023-02-23

Hello Albrecht,

I tried it, it didn't work. i cant understand. I think this is product trial then block URL

RS_Daniel · ‎2023-02-22

Hello,

Can you share a picture showing what you have insie "Youtube.com" object? I usually block Youtube using the pre-defined application object "Youtube" + a custom Application site with following DNS names: youtube.com, *.youtube.com. Maybe you will need to add more DNS names, you can check the entire list in the Certificate Subject Alternative Name section in youtube's certificate, it will also depends what you are seeing in logs, try searching by IP and port 443 with profile Access Control on logs, you can check wich sites is browsing that IP (check image).

About teams, i always used the updatable object to allow deny this traffic, check if that is feasible for you it will be easier. Never tried with APC/URL blades. HTH

Regards

TaylorHung · ‎2023-02-23

Hello Daniel,

I have defined application youtube with dns name: youtube.com, *.youtube.com, *.youtube.com.* but it doesn't work

Regards

Chris_Atkinson · ‎2023-02-22

Is HTTPS inspection enabled and how are those App/URL/service objects defined?

If your end users are using the Chrome browser, does your policy block QUIC traffic?

Note we have built-in objects such as:

CCSM R77/R80/ELITE

TaylorHung · ‎2023-02-23

Hello Chris_Atkinson,

I attached the picture. I don't think that Checkpoint can't block URL.

How to fix that if you know.

Thanks a lot

the_rock · ‎2023-02-23

I always do the way you do it, except I simply add *youtube*, works like a charm. You can follow same logic for any other website.

Best,
Andy

_Val_ · ‎2023-02-24

You did not answer the question. Do you have HTTPS Inspection enabled? If not, the application you defined will not be detected on TLS traffic, which is 100% of Youtube.

Are you a member of CheckMates?

Can't block URL, APP