Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
seanmc12
Participant

Web Filtering?

Jump to solution

I've just enabled URL/Application filtering and haven't gotten it all down yet. We do have Web Sense at our HQ location. We are about to move from MPLS to a Hybrid SDWAN module and have a direct Internet link at each site. To provide security, we'll be standing up CP 3600 Firewalls at all 4 of the remote locations. With that, do folks just use the CP Firewall for filtering or should I plan to have the Web Sense presence at each site as well? They both do some of the same things, but the Web Sense reporting is, unfortunately, much more user friendly and provides some reports checkpoint does not have available. I'm not a Clish user currently by any means. I feel I could Almost get rid of the Web Sense if it weren't for the reports it provides.

Thoughts?

0 Kudos
1 Solution

Accepted Solutions
Cyber_Serge
Collaborator

You can just use Check Point, or use both web sense(now Forcepoint) + Check Point. Your preference is on report rather than technical feature, I'd say keep both if you have the budget. Some environments prefer to have 2 layers of protection on web traffic. If you want to explore the reports in Check Point it's definitely customizable, just have to make sure logs are collected properly on Check Point and you customize the field to show correct information.

 

The only technical feature we find that Check Point does not offer is the Quota Time. With Forcepoint you can easily allow a particular group of users to be able to browse news category for 1 hour per day during work hour, and not-restricted during after hour. 

View solution in original post

(1)
4 Replies
PhoneBoy
Admin
Admin

Clish and reports have nothing to do with each other (or very little anyway).
What reports do you feel are missing?

0 Kudos
seanmc12
Participant

I know there is some information you can get from clish that you can't get very easily in the Web Interface. Thats what I meant by that. With regards to reports, Web Sense is a bit more user friendly or maybe I am just more used to its layout in getting accurate High Bandwidth user reports and things like that. If the same exact data can be obtained from Checkpoint that is great and would save thousands in not having to have both systems at all 5 sites. I'm looking for a school that provides administration, but mainly stuck with You Tube clips

0 Kudos
PhoneBoy
Admin
Admin

The standard Application and URL Filtering report should provide you who is using the most bandwidth.
However, for that report to be effective, you have to log the relevant Access Policy rules with Detailed/Extended logging.

The more specifics you can provide around lack of (perceived) functionality, the more we can help. 
This might also be a good conversation to have with your local Check Point SE.

(1)
Cyber_Serge
Collaborator

You can just use Check Point, or use both web sense(now Forcepoint) + Check Point. Your preference is on report rather than technical feature, I'd say keep both if you have the budget. Some environments prefer to have 2 layers of protection on web traffic. If you want to explore the reports in Check Point it's definitely customizable, just have to make sure logs are collected properly on Check Point and you customize the field to show correct information.

 

The only technical feature we find that Check Point does not offer is the Quota Time. With Forcepoint you can easily allow a particular group of users to be able to browse news category for 1 hour per day during work hour, and not-restricted during after hour. 

View solution in original post

(1)