This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Chinmaya_Naik
Advisor
‎2018-08-24 04:28 AM

Using Signature Tool Allow some websites (https) and Block rest

Dear Team,

As my requirement is to allow some website (like:https://accounts.aclgrc.com) and rest should block.

Also, I need to do this without HTTPS Inspection.

Below is the process that I follow.

01. I am using "Signature Tool for custom Application Control and URL Filtering applications". Refer sk103051.

02. By using the above tool I create a custom application.

03. After that, I am following the sk111054 to Edit the SmartConsole.exe.config file in a text editor. and did the below changes by going to this directory C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10\PROGRAM (for 64 bits)

04. Add the line <add key="AccessImportApplicationsVisible" value="True" /> .

05. Save the SmartConsole.exe.config file.

06. Then 

07. then Create a rule.


08.then create one more rule and add the custom application.

09. Before step 08 any websites is accessible but after creating an above rule I not able to access any single websites.

10. Below is the tracker logs details

Please suggest me if above step (any step) is wrong.

QUERY: I need confirmation that whether by following the above procedure can we achieve this like by creating a custom signature. OR Please suggest me is there any alternate way to archive this.

My Requirement is to allow only three (3) website and rest are should block.

#Chinmaya Naik

Security Engineer, QOS Technology PVT LTD., INDIA

0 Kudos
Reply
3 Replies
G_W_Albrecht
Champion
Champion
‎2018-08-24 05:15 AM

I wrote about a procedure suggested by CP that works without https inspection, too - find it here URLF / APCL Whitelisting

Reply
Marco_Valenti
Advisor
‎2018-08-24 06:06 AM

From the log attached it seems that the dns queries are dropped by the implicit drop from apcl rule base , guess you need to create a rule for accept that too there

0 Kudos
Reply
Tomer_Sole
Mod
Mod
‎2018-08-25 10:33 AM

Hey, sorry if the SK wasn't clear enough, but steps 3-5 aren't needed in version R80.10 and above.

And in one of our next releases, step 1 will be a direct from SmartConsole as well.

0 Kudos
Reply