This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JoaT
Explorer
‎2023-05-18 09:57 AM
Jump to solution

Application Name in Log not found in Application List

I have been slowly implementing the application control, and noticed today the Overpage page listing a list of allowed high risk applications.  One of those applications is loadm.exelator.com.  I went to the Security Policies, Application and was going to make a rule to block it, but that application does not appear in list.

 

But when I research it in the logs, it lists it there, and a category even.  How do I block it when it is not listed in the Applications list in the rulebase though?  

 

See attached image for log entry.

 

Preview file
55 KB
0 Kudos
1 Solution

Accepted Solutions
MikeB
Advisor
‎2023-05-22 06:25 AM
In response to JoaT
Jump to solution

Ofcourse yo can do it! you need to create a Custom Application/Site:

 

image.png

 

 

 

 

 

 

 

and then add the URLs that you want to block (or permit) in this custom category:

 

image.png

 

Check sk165094 for best practices: https://support.checkpoint.com/results/sk/sk165094

 

View solution in original post

(1)
8 Replies
MikeB
Advisor
‎2023-05-21 04:06 PM
Jump to solution

The log was generated by URL FILTERING blade (not Application Control Blade) so this should be blocked by URL Filtering "categories" (not an specific application) in your access policy.

If you have R81.10, check the admin guide here: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SecurityManagement_AdminGuid...

 

 

JoaT
Explorer
‎2023-05-22 05:32 AM
In response to MikeB
Jump to solution

So I would block it by using the categories Spam, High Risk and URL Filtering, but there is no way to block it directly by the loadm.exelator.com that is listed, correct?

 

0 Kudos
MikeB
Advisor
‎2023-05-22 06:25 AM
In response to JoaT
Jump to solution

Ofcourse yo can do it! you need to create a Custom Application/Site:

 

image.png

 

 

 

 

 

 

 

and then add the URLs that you want to block (or permit) in this custom category:

 

image.png

 

Check sk165094 for best practices: https://support.checkpoint.com/results/sk/sk165094

 

(1)
MikeB
Advisor
‎2023-05-22 06:28 AM
In response to MikeB
Jump to solution

Also....Check Point provides an online tool that allows you to check whether a URL is classified under one of the categories of the URL Filtering Blade. After you check the URL, this tool also allows you to suggest an alternative categorization for the URL:

 

https://urlcat.checkpoint.com/

 

the_rock
Legend
Legend
‎2023-05-22 10:23 AM
In response to MikeB
Jump to solution

All great points @MikeB 

0 Kudos
JoaT
Explorer
‎2023-05-22 10:50 AM
In response to MikeB
Jump to solution

Thank you very much!  Perfect

0 Kudos
the_rock
Legend
Legend
‎2023-05-22 11:25 AM
In response to JoaT
Jump to solution

Btw, I will add one more thing on top of what @MikeB said. I know this has come up few times before, so figured would mention it. Some folks had said they whitelist all the needed sites, but they still get blocked. I spent, cant even count, how many hours with TAC and different customers troubleshooting this and I found way it works all the time, never let me down. So, here is what I mean by that.

Say you wish to block everything facebook or youtube, I simply create custom app/site as @MikeB pointed out and add *facebook* and *youtube* and thats it. Otherwise, I can tell you right now, if you try and follow all the examples given in the sk165094, no offense, but you might be on the phone till 3 am or longer lol

Just giving you my honest feedback/experience.

Cheers,

Andy

the_rock
Legend
Legend
‎2023-05-21 07:00 PM
Jump to solution

I agree with @MikeB , makes sense what he advised about which blade blocked this traffic.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events