This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
firewallAdmin
Explorer
‎2021-04-21 07:23 AM

Block uri on firewall

Dear Team,

Can we block  uri on checkpoint firewall.

 

For eg.

 

  ^/+dana/+meeting

  ^/+dana/+fb/+smb

/+dana-cached/+fb/+smb

    ^/+dana-ws/+namedusers

   ^/+dana-ws/+metric

 

 

Regards,

Vinay Adsul

0 Kudos
4 Replies
Cyber_Serge
Collaborator
‎2021-04-21 02:41 PM

First you need SSL Inspection on gateway; Second you can look up Check Point documentation on URL Filtering.

But according to the documentation from vendor, the mitigation should be applied on the server itself.

 

You can also choose to import the snort rule from fireeye into the Check Point gateway.
https://github.com/fireeye/pulsesecure_exploitation_countermeasures/

0 Kudos
firewallAdmin
Explorer
‎2021-04-22 09:26 PM
In response to Cyber_Serge

we need to block uri on checkpoint firewall , i going to this for first time on checkpoint firewall. qos has suggested to follow below document.but i need to create uri object there are multiple setting and where i need to call this object.

https://sc1.checkpoint.com/documents/R80/CP_R80_SmartDashboard_OLH/html_frameset.htm?topic=documents...

 

Uri that i need to block are related with Pulse vpn vernability. Need steps to block uri on checkpoint firewall.

0 Kudos
Cyber_Serge
Collaborator
‎2021-04-30 04:58 PM
In response to firewallAdmin

Sounds like you are not familiar with such creation. Instead of trying to creating something to block it, why don't you just import the relevant snort rules?

0 Kudos
the_rock
Legend
Legend
‎2021-05-01 12:30 PM

Never tried doing that...you may want to open the case with TAC about it. I cant say for sure if that would work 100% even if ssl inspection is enabled on the gateway.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events