This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
msantos
Contributor
‎2020-10-09 08:19 AM

HTTPS inspection

Hi checkmates, im looking to configure Https Inspection for web control and that sort of things.

My question is, now that i have it enabled, some of my users need the access for example to youtube, and if im blocking streams with the https inspection policy, the user can´t access the site.

is there any way to make some exceptions, how does this work with best practices.

thanks

0 Kudos
8 Replies
Jessie_Rich
Participant
‎2020-10-09 09:04 AM

Yes you can make exceptions in your application control policy. Do you have identity awareness configured? If so you can create Access role objects mapped to user groups on your domain and use those objects in the source of your application control rule. You can also make object groups of specific hosts if you don't have Identity awareness and can't implement it for some reason. Those permit rules need to be above your more broadly defined drop rules.

msantos
Contributor
‎2020-10-09 10:08 AM
In response to Jessie_Rich

i think i tried that, i mean in the url filtering policy, i do have identity awareness and i have access role objects mapped to AD users as you say. ill try to figure out if any other policy is blocking me, i have checked several times and find nothing, but still ill check it again.

0 Kudos
Jessie_Rich
Participant
‎2020-10-09 10:37 AM
In response to msantos

You should check an make sure you aren't getting any errors with identity awareness and users are getting matched to their PCs correctly. What does the log for the blocked person show?

msantos
Contributor
‎2020-10-09 02:56 PM
In response to Jessie_Rich

identity awareness is fine, i just checked. the computer is responding to the correct user in AD.

app control says, traffic accepted, and https inspection log say Inspected. and still cant reach the site

0 Kudos
_Val_
Admin
Admin
‎2020-10-12 04:39 AM
In response to msantos

HTTPS Inspection may only block sites with invalid certificates, and even that is configurable in the properties. Appropriate URLF/APC rule should allow or drop for specific user groups. 

You can either share some screenshots here, or go directly to a TAC case with this.

PhoneBoy
Admin
Admin
‎2020-10-09 06:40 PM

Let's start with the basics: version/JHF in use?
Screenshots of precisely what you've configured would be helpful.
Screenshots and/or more precise descriptions of the behavior when it's not working would also be helpful. 

msantos
Contributor
‎2020-10-13 02:54 PM

hi, i was checking all the thins you all told me to check.

so i installed las JHF available, check URLF rules, and use access role.

im still having the same issue, i want to permit youtube on certain users, but block all other streams sites.

im working with one test user, and youtube is blocked, but other sites not hehe, funny.

i upload some screenshots i made about current config.

thanks

1.JPG

2.JPG

3.JPG

4.JPG

5.JPG

6.JPG

7.JPG

       

0 Kudos
_Val_
Admin
Admin
‎2020-10-14 12:16 AM
In response to msantos

Firstly, there is no URLF filtering policy rule blocking the youtube for regular users. Why? Another issue, why are you only inspecting certain categories? How clean-up rule looks in HTTPSi layer?

Clearly, you are facing a config issue that can be easily fixed.

To fix:
1. leave just one single rule for HTTPSi to inspect:

Internal networks -> Internet-Any category-Inspect-Log

followed by a cleanup rule:

any - any- any- bypass-none

Then create AC/URLF rules in the Network Security:
Good Users - Any - YouTube-Accept (no limit)

Any - Any - Youtube - Drop / UserCheck Message

Check if it works.

Media stream is not the right category here


 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events