This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chinmaya_Naik
Advisor
‎2018-08-24 04:28 AM

Using Signature Tool Allow some websites (https) and Block rest

Dear Team,

As my requirement is to allow some website (like:https://accounts.aclgrc.com) and rest should block.

Also, I need to do this without HTTPS Inspection.

Below is the process that I follow.

01. I am using "Signature Tool for custom Application Control and URL Filtering applications". Refer sk103051.

02. By using the above tool I create a custom application.

03. After that, I am following the sk111054 to Edit the SmartConsole.exe.config file in a text editor. and did the below changes by going to this directory C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10\PROGRAM (for 64 bits)

04. Add the line <add key="AccessImportApplicationsVisible" value="True" /> .

05. Save the SmartConsole.exe.config file.

06. Then 

07. then Create a rule.


08.then create one more rule and add the custom application.

09. Before step 08 any websites is accessible but after creating an above rule I not able to access any single websites.

10. Below is the tracker logs details

Please suggest me if above step (any step) is wrong.

QUERY: I need confirmation that whether by following the above procedure can we achieve this like by creating a custom signature. OR Please suggest me is there any alternate way to archive this.

My Requirement is to allow only three (3) website and rest are should block.

#Chinmaya Naik

Security Engineer, QOS Technology PVT LTD., INDIA

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-08-24 05:15 AM

I wrote about a procedure suggested by CP that works without https inspection, too - find it here URLF / APCL Whitelisting

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Marco_Valenti
Advisor
‎2018-08-24 06:06 AM

From the log attached it seems that the dns queries are dropped by the implicit drop from apcl rule base , guess you need to create a rule for accept that too there

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-08-25 10:33 AM

Hey, sorry if the SK wasn't clear enough, but steps 3-5 aren't needed in version R80.10 and above.

And in one of our next releases, step 1 will be a direct from SmartConsole as well.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events