Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

User Check Page only showing up for some devices

I am currently configuring URL Filtering on a Check Point 1430.  I have 2 LANs coming in. Comcast Network (CN) and Plant Network (PN). There is also a DMZ configuring on the firewall. There is a Domain running on the networks. The DC sits solely on PN.

 

For example, I'm trying to block https://www.netflix.com and https://www.9gag.com

 

On my phone 1, going through CN WiFi, I get the User Check Page when accessing either page.

On Desktop 1, not on domain, using a local user account, and hardwired into CN, I get the User Check Page when accessing 9gag. When accessing Netflix, I get Connection Failed screen.

On  desktop 2, not on domain, using a local Admin account, using CN WiFi, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.

On desktop 2, not on domain, using a local Admin account, hardwired into CN, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.

On a VM 1, on domain, using an Admin account for Domain, Hard Wired into either PN or DMZ, both sites are blocked with the User Check Page

 

Priority is making sure things are blocked on WiFi, specifically phones and iPads, so the works can't access sites they shouldn't be with them.

 

 

 

0 Kudos
1 Reply
Highlighted
Admin
Admin

Are you managing the policy for this SMB device locally via WebUI or from Central Management?

The difference in block page behavior would be explained by using HTTPS Inspection on some segments, but not others.
Are you using it?

This would also explain why 9gag is not being correctly detected in some instances.
This is because 9gag is using CloudFlare for DDoS protection, which uses a wildcard TLS certificate unrelated to 9gag.
With HTTPS Inspection, we can see what site the user is going to.
Without HTTPS Inspection, we have to rely on SNI detection, something the SMB codebase does not do currently.
For non-SMB gateways, this functionality was added In R80.30.

0 Kudos