How you configured the "Engine Settings"?hold mode?

It's set to background mode, but as its the same URL I am always testing to, and the fact categorization is correct in https inspection logs, I am expecting it to block?

I think that with R80.10 and above there is also a different settings for HTTP .

in case you can see correct categorization with HTTPS, it should block it.

I'm using "hold" mode , but I"m using R80.20/R80.10

Did try to check this one ? How to clear URL Filtering kernel cache? 

+ Access to HTTPS sites is intermittent - web site opens only after the user refreshes the page severa... 

Are you serving up your UserCheck page using HTTPS? If not, you can switch this in cluster properties -> UserCheck -> UserCheck Web Portal. Edit the http and change it to https. We sometimes would not get the UserCheck message due to "mixed content" issues. This seems to have resolved it for us.

* How to clear URL Filtering kernel cache?
tried clearing the cache, but still the same result

* Access to HTTPS sites is intermittent - web site opens only after the user refreshes the page several times
Had a look but doesnt seem related to our issue

* Are you serving up your UserCheck page using HTTPS
Just tried changing it, still allows me to fully load well known XXX websites through HTTPS, switch to http and blocks me everytime

Just seems like the https inspection blade is not passing the traffic on to the app+URL blade

A few things to check:

• Is Categorize HTTPS Sites on?

• Is the traffic really HTTPS and not, say, QUIC or HTTP/2? We only categorize HTTP/HTTPS traffic, not QUIC or HTTP/2, which should be blocked in your App Control policies. 

Hello,

Categorise HTTPS is currently off (we are doing full https inspection) however have tried it on aswell with the same result.

Yes I am testing across a broad range of generic websites (adult, illegal, cloud sharing) all of which open successfully when using https and blocked correctly when using http. 

In R77.30, I believe Categorize HTTPS Sites and HTTPS Inspection are mutually exclusive.

But if you're not using HTTPS Inspection, then you definitely need Categorize HTTPS Sites. 

As for troubleshooting this, screenshots of "accepted" traffic you think should be blocked would be helpful.

Also, like Dameon said, if users are using Chrome by default QUIC protocol is enabled and attempts to use udp/443 which cannot be inspected by Check Point so definitely check that out as well. It also seems to fit with HTTP blocks working and mixed results of HTTPS sites. You can check the in browser setting here: chrome://flags/#enable-quic