This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HunterMathews
Explorer
‎2019-09-12 07:30 AM

User Check Page only showing up for some devices

I am currently configuring URL Filtering on a Check Point 1430.  I have 2 LANs coming in. Comcast Network (CN) and Plant Network (PN). There is also a DMZ configuring on the firewall. There is a Domain running on the networks. The DC sits solely on PN.

 

For example, I'm trying to block https://www.netflix.com and https://www.9gag.com

 

On my phone 1, going through CN WiFi, I get the User Check Page when accessing either page.

On Desktop 1, not on domain, using a local user account, and hardwired into CN, I get the User Check Page when accessing 9gag. When accessing Netflix, I get Connection Failed screen.

On  desktop 2, not on domain, using a local Admin account, using CN WiFi, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.

On desktop 2, not on domain, using a local Admin account, hardwired into CN, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.

On a VM 1, on domain, using an Admin account for Domain, Hard Wired into either PN or DMZ, both sites are blocked with the User Check Page

 

Priority is making sure things are blocked on WiFi, specifically phones and iPads, so the works can't access sites they shouldn't be with them.

 

 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2019-09-12 05:30 PM

Are you managing the policy for this SMB device locally via WebUI or from Central Management?

The difference in block page behavior would be explained by using HTTPS Inspection on some segments, but not others.
Are you using it?

This would also explain why 9gag is not being correctly detected in some instances.
This is because 9gag is using CloudFlare for DDoS protection, which uses a wildcard TLS certificate unrelated to 9gag.
With HTTPS Inspection, we can see what site the user is going to.
Without HTTPS Inspection, we have to rely on SNI detection, something the SMB codebase does not do currently.
For non-SMB gateways, this functionality was added In R80.30.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events