This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
‎2025-05-16 07:00 AM
Jump to solution

URL Filtering Not Blocking Some Categorized Sites

Hi everyone,
I'm facing a rather strange issue. I have a Check Point gateway running R81.20 with JHF-24, deployed in Azure, and it's not blocking certain websites even though they clearly fall under the specified URL filtering categories.

This gateway is not using a proxy, and we have already set the URL Filtering mode to "Hold", but the issue still persists.

Has anyone experienced something similar or can offer some guidance?

Thanks in advance!

0 Kudos
1 Solution

Accepted Solutions
Lesley
Authority Authority
Authority
‎2025-05-16 10:02 AM
Jump to solution

If HTTPS inspection is not enabled you need to enable the ''light'' version. Please check if feature below is enabled:

Lesley_0-1747414845826.png

If this is enabled look into this SK: https://support.checkpoint.com/results/sk/sk182318

Your version is to old and could use Jumbo update. 

After that also update your CA list: https://support.checkpoint.com/results/sk/sk64521

 

 

-------
If you like this post please give a thumbs up(kudo)! 🙂

View solution in original post

16 Replies
Chris_Atkinson
Employee Employee
Employee
‎2025-05-16 07:13 AM
Jump to solution

Please confirm if SSL inspection is active?

Additionally the usual additional suggestions without knowing specifics would be to upgrade the JHF take and confirm QUIC traffic is blocked.

CCSM R77/R80/ELITE
0 Kudos
RemoteUser
Advisor
‎2025-05-16 07:22 AM
In response to Chris_Atkinson
Jump to solution

HTTPS inspection is not enabled,
This is the rule that blocc traffic:
source: some network >  dst: RFC 1918 Negated  > service: Weapons Hate Sex.....  > drop log accounting

0 Kudos
_Val_
Admin
Admin
‎2025-05-16 07:34 AM
In response to RemoteUser
Jump to solution

Can you please make a screenshot of this rule? Something is not clear.

Also, can you provide examples of specific URLs that are not blocked?

0 Kudos
RemoteUser
Advisor
‎2025-05-16 07:45 AM
In response to _Val_
Jump to solution

I mask the network.
This for example  porn300

blocksite_mask.png

0 Kudos
PhoneBoy
Admin
Admin
‎2025-05-16 02:33 PM
In response to RemoteUser
Jump to solution

When traffic is not blocked, what rule is the traffic accepted on?
Please provide a screenshot of the full log card (with sensitive details redacted) of such accepted traffic.

0 Kudos
the_rock
Legend
Legend
‎2025-05-16 07:46 PM
In response to RemoteUser
Jump to solution

That rule  should work, just wont give block page, if inspection is off, since there is nothing to intercept.

What rule does it get accepted on?

Andy

0 Kudos
RemoteUser
Advisor
‎2025-05-18 02:07 AM
In response to the_rock
Jump to solution

Hi Brother,

I remembered a site that wasn’t being blocked , porn300.com.
This site falls under the Sex category, according to the classification:

For: http://porn300.com
Current Categories: Sex, Pornography, Medium Risk

I don’t see it appearing in the logs anymore, but I can assure you it wasn’t the only one. You could access it freely and browse without restrictions.
On the other hand, sites like Pornhub were blocked completely and couldn’t be accessed at all.

0 Kudos
the_rock
Legend
Legend
‎2025-05-18 04:52 AM
In response to RemoteUser
Jump to solution

Just add custom app site and include *porn300*
Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2025-05-18 09:06 PM
In response to the_rock
Jump to solution

No point playing whack-a-mole, probably best to patch for the general issue that exists below JHF T65 i.e.

The "Categorized HTTPS Sites" option does not classify specific websites when "TLS 1.3 hybridized Kyber support" is enabled in the browser

CCSM R77/R80/ELITE
RemoteUser
Advisor
‎2025-05-20 12:34 AM
In response to Chris_Atkinson
Jump to solution

I don't think the jumbo resolves the issue, since we're experiencing the same problem with another cluster running JHF 84.
As indicated here https://support.checkpoint.com/results/sk/sk182318.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2025-05-20 03:02 AM
In response to RemoteUser
Jump to solution

Suggest you methodically work the issue through with TAC in that instance and understand the differences.

To me it makes little sense to waste time troubleshooting with such an early JHF with known issues in the first instance.

CCSM R77/R80/ELITE
RemoteUser
Advisor
‎2025-05-20 03:04 AM
In response to Chris_Atkinson
Jump to solution

You're right, url filtering work better with https inspection enbaled. period.

the_rock
Legend
Legend
‎2025-05-20 05:05 AM
In response to RemoteUser
Jump to solution

100%

Chris_Atkinson
Employee Employee
Employee
‎2025-05-18 02:33 AM
In response to RemoteUser
Jump to solution

@Lesley has linked it below but a likely explanation is sk182318 fixed in later JHF.

CCSM R77/R80/ELITE
0 Kudos
Lesley
Authority Authority
Authority
‎2025-05-16 10:02 AM
Jump to solution

If HTTPS inspection is not enabled you need to enable the ''light'' version. Please check if feature below is enabled:

Lesley_0-1747414845826.png

If this is enabled look into this SK: https://support.checkpoint.com/results/sk/sk182318

Your version is to old and could use Jumbo update. 

After that also update your CA list: https://support.checkpoint.com/results/sk/sk64521

 

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
RemoteUser
Advisor
‎2025-05-18 02:09 AM
In response to Lesley
Jump to solution

Hi brother

Yes, I saw that it's enabled (light version). Most likely, the first SK you sent me is the explanation , it could clarify why some sites are allowed through while others are blocked.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events