Here at the customer site the clients only have over the CP proxy access to the internet.
For SSL certificate revocation checks the clients are fetching CRL lists according the different certificates they using.
Now, it does not exist a "CRL Application" in the application control or any category for this.
As a workaround the customer is using a manual "CRL list" which is not a good solution for CRL fetching.
The only way seems to be to create a custom application for this, as example using the mime type of .crl here:
Matching mime types would be:
I know about the possibility with the signature tool for custom application control or url filtering but this is not an option for the customer.
The question is now how are other check point admins doing the filtering for this?
Is there any feature available for CRL filtering from check point I don't know about it?
Maybe the above could be added in a future release, I have seen that other firewall-vendors are doing the same like above.