This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gim_Dor
Explorer
‎2018-07-03 06:38 PM

Site URL not able to access

Hi there, I created an application filtering policy to be allowed and am able to ping the destination IP address for the site url which is international  but unable to access it. There is a possibility of dns issue or it could be a firewall policy issue. Has any encountered this issue? How to resolve this so I am able to access that international site? Thanks.

3 Replies
Demith_Samaraw2
Contributor
‎2018-07-03 11:46 PM

It could be multiple reasons, but basic troubleshooting should be able to narrow-down the reason. 

what version of the management and firewall is this,

is the firewall in transparent or proxy mode

do you see anything in the tracker logs?

can the URL be accessed without the CheckPoint policy?

0 Kudos
_Val_
Admin
Admin
‎2018-07-04 01:06 AM

Hi Gim,

you have already listed two main reasons for it not to work: DNS resolution on the GW or FW policy in place that does not allow such connectivity. There might also be the third reason: the client itself goes via third party proxy and does not cross your FW in question.

I would suggest to start with two first assumptions.

1. Check DNS resolution for the specific FQDN is working of the FW enforcement point. 

2. with curl, try to open URL in question directly from FW

3. If both 1 and 2 are working for you, start looking into connectivity and policy issues between the Web client and FW. You can use "fw monitor" to do so

I hope this helps. Please let me know how it goes.

0 Kudos
Gim_Dor
Explorer
‎2018-07-04 08:58 AM

Thank you Valeri and Demith for your response. After further digging, I found that there was a Geo-protection set in place for that country. I allowed it but then I was able to access the entire country's any site url. In order to only allow that particular website, I created a profile and set based on the IP address to be allowed and now, I am not even able to ping that IP.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events