Caez__
Explorer

Cannot block TikTok

Hi everyone. 

I'm having some problems blocking TikTok. I already blocked the app and domains with an Access Control Policy; in a way it worked, but I can still see about 50% of the videos in the app. Is there something else that I can do?

Logs show that the FW is blocking some traffic, but the app uses different domains and CDNs to reach TikTok. Is there something else that I can do?

 

0 Kudos
17 Replies
the_rock
Legend

What I do, and it ALWAYS works, is add a custom app with *domain*.

So, in your case, just add a custom site as *tiktok* and block it. Sometimes I found I may need to add any existing applications if they exist, but that's not often.

Andy

0 Kudos
Caez__
Explorer

This is the rule that I have created for this:

tiktok.png

 

 

I added to the TikTok custom site the app domains that I found here: https://www.netify.ai/resources/applications/tiktok . Is this what works for you? This is the config that blocks around half of the videos from the app for me.

0 Kudos
the_rock
Legend

I attached how I would create a custom site... not sure if you did it the same.

Andy

0 Kudos
Caez__
Explorer

Yes, config is the same, you can find it attached.

Still, some videos are passing.

Do you think there's something else that I can do?

 

0 Kudos
the_rock
Legend

In that case, you may need to examine the logs carefully and see why that happens. Do you have HTTPS inspection enabled or not?

Andy

0 Kudos
Caez__
Explorer

I don't have HTTPS inspection. What I see in the logs is that the App & URL Policy for TikTok (7) is actually blocking traffic, but the App & URL Cleanup rule (16) is matching some traffic and letting it pass. I think this would explain why I can see some videos, but I don't know how to fix it. The cleanup rule is configured to let all traffic pass.

Here you can find attached some evidence.

0 Kudos
the_rock
Legend

In some cases, you may need to add the IP addresses to block as well.

0 Kudos
G_W_Albrecht
Legend

Cleanup rule is usually configured to drop all traffic not matched by other rules - that is how it got the name 😎.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
Legend

True that, my friend :-). But, in all seriousness, it is recommended by CP to allow all at the bottom of an ordered URL and app control layer.

0 Kudos
Caez__
Explorer

That's how we have configured the URL and app layer, so the traffic passes the rule that blocks TikTok (even when other traffic to the same IP address is being blocked by that policy, as I mentioned before) and goes all the way down to the cleanup rule that allows all. This happens with a lot of TikTok IP addresses, not just the one from the capture "Permit and block to same IP" that I attached before. Would you recommend tracing and blocking all those IP addresses?

0 Kudos
the_rock
Legend

Yes, I would. Sadly, I had to do the same for customers in some cases. Even TAC suggested the same. You can open a support case to see if they suggest anything else, though.

0 Kudos
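The log review discussed in the posts above (the same destination IP dropped by the TikTok rule 7 and accepted by the cleanup rule 16), as an added example that is not part of any post in this thread. The CSV column names and the sample rows are constructed assumptions, not Check Point's log export format; the addresses come from documentation ranges.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log. Column names are assumptions made for this example,
# not a real export format. Rule numbers 7 and 16 are the ones named in the thread.
SAMPLE_LOG = """\
time,src,dst,dport,action,rule,rule_name
10:01:02,10.0.0.21,203.0.113.10,443,Drop,7,TikTok
10:01:03,10.0.0.21,203.0.113.10,443,Accept,16,Cleanup
10:01:03,10.0.0.21,198.51.100.7,443,Accept,16,Cleanup
10:01:04,10.0.0.35,203.0.113.44,443,Drop,7,TikTok
10:01:05,10.0.0.35,203.0.113.10,443,Accept,16,Cleanup
10:01:06,10.0.0.35,192.0.2.80,443,Accept,16,Cleanup
10:01:07,10.0.0.21,203.0.113.44,443,Drop,7,TikTok
"""

BLOCK_RULE = "7"     # App & URL rule that blocks TikTok
CLEANUP_RULE = "16"  # App & URL cleanup rule that accepts everything else


def summarize(log_text, block_rule=BLOCK_RULE, cleanup_rule=CLEANUP_RULE):
    """Count, per destination, drops by the block rule and accepts by cleanup."""
    stats = defaultdict(lambda: {"dropped": 0, "accepted": 0, "clients": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["rule"] == block_rule and row["action"] == "Drop":
            stats[row["dst"]]["dropped"] += 1
        elif row["rule"] == cleanup_rule and row["action"] == "Accept":
            stats[row["dst"]]["accepted"] += 1
        else:
            continue  # other rules are irrelevant to this comparison
        stats[row["dst"]]["clients"].add(row["src"])
    return stats


def mixed_verdict_destinations(log_text):
    """Destinations both dropped by the block rule and accepted by cleanup,
    most-accepted first. These are candidates for review, not an automatic
    block list: accept-only destinations are deliberately left out."""
    mixed = [
        (dst, s["dropped"], s["accepted"], sorted(s["clients"]))
        for dst, s in summarize(log_text).items()
        if s["dropped"] and s["accepted"]
    ]
    return sorted(mixed, key=lambda m: (-m[2], m[0]))


if __name__ == "__main__":
    for dst, dropped, accepted, clients in mixed_verdict_destinations(SAMPLE_LOG):
        print(f"{dst}: dropped={dropped} accepted={accepted} clients={clients}")
```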
the_rock
Legend

I will tell you what I find works the best, in my opinion... now, this might not be what most customers would do, but it works well from what I experienced. Instead of, say, creating another URL and app control ordered layer, I always end up creating a section towards the top of the built-in access layer with the URL and app control rules you need. The downside to it could be the fact that you have to enable those blades in this ordered layer, so acceleration might not work as well, but otherwise, I honestly had not seen any major issues with it.

0 Kudos
genisis__
Leader

Just a quick note - Check Point has added TikTok as an application.

tiktok.png

0 Kudos
Cyber_Serge
Collaborator

I tried this method, but this requires HTTPS inspection to work 100%. We see a lot of traffic identified as TikTok and blocked, but the website still works and video still plays. Surely you'd think the easy solution is to enable HTTPS inspection, but that's not possible because we are talking about a Wi-Fi network. Users cannot be forced to download and install a certificate for HTTPS inspection to work (especially on mobile devices).

We are able to block correctly using Harmony Mobile following the sk, but that's only for managed devices. Unmanaged/guest devices are the concern here.

 

Interested in hearing some other ideas or suggestions. Thanks

0 Kudos
Cyber_Serge
Collaborator

Upon further investigation, we found out this is an issue and opened a support case; it's blocking on some gateways, but in one specific network, and the gateway the traffic is going out of, it is not blocked.

G_W_Albrecht
Legend

I know that - but I would call it a PassAll rule...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
genisis__
Leader

That's what I've always done, and agreed, Check Point recommends that as well, so your application rules really should block specifics and then allow everything else (as a generic rule of thumb).

0 Kudos
