roy_adir
Explorer

White list URL

Hi,

I'm using a CheckPoint 790 appliance.
I'm trying to block all internal addresses outgoing to the internet except the white list URLs that I have made.
I set the blade control for the firewall policy to Strict mode, and now the last rule in the Outgoing section of the policy is: Any - Internet - Block.
Above it, I made a manual rule that says: Any - Internet - My white list URL, and accept.

After this, no one inside the organization can browse the internet to the sites on my white list.

Could I have some help with this? What am I doing wrong?

Thanks!

PhoneBoy
Admin

If you don't mind sharing, what is the URL in question?

Note that if it's an HTTPS URL, then you may also need to enable HTTPS Inspection.

roy_adir
Explorer

Hi,

Thank you for your response!

It's a mix of web sites, banks and web sites related to work.

I may have on that list HTTPS web sites.

But the thing is, when I do the steps I wrote above, no one has internet at all.

In the logs, it says the user was blocked because of rule number 5, which is the auto-generated rule that was created due to the Strict option I set on the Firewall blade:

Any - Internet - Block.

PhoneBoy
Admin

For some sites to be detected properly (particularly ones with HTTPS) you may need to enable HTTPS Inspection, which was added in the R70.20.70 firmware release.

If you do not do this, it is possible the gateway will not be able to detect the particular URL correctly.

If that's the case for all the URLs you've decided to whitelist, then the behavior you are seeing is expected.

roy_adir
Explorer

That helped, so thank you very much for that!

However, I have one web site, which is HTTPS, and it doesn't have a certificate. So even with HTTPS inspection, I cannot properly get into it. Only when I disable the inspection can I browse to it.

Is there any way I can get its certificate from the owner and install it on the CheckPoint?

If I can, how can I do it?

Thank you!

PhoneBoy
Admin

A site can't be HTTPS without having a certificate.

However, HTTPS Inspection can fail for any number of reasons.

There should be logs that indicate why it is failing.
