Application for CRL downloads

Here at the customer site, the clients only have access to the internet via the CP proxy.
For SSL certificate revocation checks, the clients fetch CRL lists according to the different certificates they are using.

Now, there is no "CRL Application" in Application Control, nor any category for this.
As a workaround, the customer is using a manual "CRL list", which is not a good solution for CRL fetching.

The only way seems to be to create a custom application for this, for example using the MIME type of .crl here:

Matching mime types would be:


I know about the possibility of using the signature tool for custom Application Control or URL Filtering, but this is not an option for the customer.

The question now is: how are other Check Point admins doing the filtering for this?
Is there any feature available for CRL filtering from Check Point that I don't know about?

Maybe the above could be added in a future release; I have seen that other firewall vendors are doing the same as above.


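As an added illustration (not part of the original post and not Check Point code), the following Python applies the MIME-type matching idea from the question to constructed proxy log records and flags requests where the `.crl` extension and the response MIME type disagree. The MIME type values, function names and sample records are assumptions and do not come from the thread.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumption: these values are not from the post. application/pkix-crl is the
# type registered in RFC 2585; application/x-pkcs7-crl is a legacy type that
# some servers still send for .crl files.
CRL_MIME_TYPES = {"application/pkix-crl", "application/x-pkcs7-crl"}


def classify(method, url, content_type):
    """Return 'crl', 'mismatch' or 'other' for one proxy log record."""
    path = urlsplit(url).path.lower()
    # Drop parameters such as "; charset=..." and normalise case.
    mime = content_type.split(";", 1)[0].strip().lower()
    has_ext = path.endswith(".crl")
    has_mime = mime in CRL_MIME_TYPES
    # A CRL fetch is a plain GET where extension and MIME type both match.
    if method == "GET" and has_ext and has_mime:
        return "crl"
    # Only some of the signals match: send to review instead of allowing.
    if has_ext or has_mime:
        return "mismatch"
    return "other"


def summarize(records):
    """Count the classification results for a list of log records."""
    return dict(Counter(classify(*record) for record in records))


# Constructed sample records: (method, URL, response Content-Type).
SAMPLE_LOG = [
    ("GET", "http://crl.example.com/ca/issuing-ca.crl", "application/pkix-crl"),
    ("GET", "http://pki.example.net/CertEnroll/Root.crl", "application/x-pkcs7-crl"),
    ("GET", "http://cdn.example.org/files/update.crl", "application/octet-stream"),
    ("GET", "http://crl.example.com/ca/issuing-ca.crl?v=2", "Application/PKIX-CRL; charset=binary"),
    ("POST", "http://crl.example.com/ca/issuing-ca.crl", "application/pkix-crl"),
    ("GET", "http://www.example.com/index.html", "text/html"),
]

if __name__ == "__main__":
    for record in SAMPLE_LOG:
        print(classify(*record), record[1])
    print(summarize(SAMPLE_LOG))
```

The `mismatch` bucket shows what a rule based on MIME type alone would miss or over-match, for example a `.crl` URL served as `application/octet-stream`.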
3 Replies

Why isn't creating a custom application signature a valid solution for the customer?

Hi @PhoneBoy,
from the customer's view, it is the time needed to get familiar with the signature tool and the time to create the signature.
There is also the question of whether the resulting signature is upgradeable and still usable when implemented.

The customer was asking why Check Point does not already provide such an application...

I haven't heard of any situation where a customer-generated signature would not work in later versions.
That said, it's a fair point that we should probably have a built-in signature for this--will ask.