
Pandora Streaming Traffic intermittently 'redirected' as Malicious

We just recently received complaints that in the last 2 weeks streaming Pandora audio on our guest network intermittently freezes. Restarting the Pandora session fixes the problem.

Our guest WiFi network has a separate VLAN and internet connection from all of our other traffic.

We have a rule in our Application policy to block access to malicious sites originating from our guest VLANs, based on the Checkpoint pre-defined application category.

What we found in our logs was that intermittently Pandora traffic is 'redirected', being associated with the Phishing category.  Most of such entries are flagging URL similar to as phishing, where resolves to, which has PTR of so it is one of Pandora's IPs.

Checkpoint Support has had us add a rule above the Guest - Block Malicious Sites rule to specifically allow traffic classified as Pandora, but we still see the redirects I just described. We haven't received any further complaints since adding the rule Support suggested, but the redirect entries associated with Pandora IPs that I still see in the Block rule trouble me.

Looking further at the logs, I'm seeing log entries associated with the Block rule within 2 hours after having added the Allow Pandora rule where the log entry shows the category as Pandora, usrcheck message claiming access to is blocked by our security policy. Since resolves to, why was it associated with Pandora traffic destined to (

Is anyone else seeing Pandora traffic affected as potentially malicious Phishing traffic?

2 Replies

It's possible we may need to see some traffic captures of the relevant traffic to understand what's going on.

They can be provided through your TAC case.

0 Kudos

TAC was unable to adequately solve the problem. Instead, workarounds had to be put in place, some, in my opinion, too broad in nature.

0 Kudos