This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arun_Malipatil1
Participant
‎2020-01-21 03:31 AM

Check Point URLF for inbound traffic

We use Check Point URL filtering for controlling the access to websites hosted outside the organization and we follow blacklisting mechanism to block access to a particular website. Now, in my scenario, I have a web server(behind the CHKP FW) hosting multiple websites using the same IP(10.10.10.100--NATed-to-a-public-IP-on CHKP) and port 80 for all the websites. The differentiation of each site can be done using the HTTP unique attribute called Host Header.

My Questions:

1. Is there a way we can use URL filtering to block access to a few of my webserver from the Internet?

2. If not, do we have any other way?

 

Note: As both IP addresses and Port numbers are same for all the internal web servers I cannot use NAT and FW rule base to block certain sites.

 

 

0 Kudos
6 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-01-21 06:15 AM

My first question is : what do you want to achieve with this setting ? You do have several virtual servers hosting websites on one server with identical IP and port, so if you do not want anyone from internet connect to some websites, just unpublish them. For having internal (blocked from internet access) and public servers i would just use a different configuration...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Arun_Malipatil1
Participant
‎2020-01-23 05:23 AM
In response to G_W_Albrecht

As customer was performing internal audit which led us to such requirement and without making any changes on servers. 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-01-21 08:20 AM

You should be able to achieve this with Application Control, possibly using custom signatures generated with the Application Control Signature Tool.
0 Kudos
Arun_Malipatil1
Participant
‎2020-01-23 05:26 AM
In response to PhoneBoy

  • Thank you PhoneBoy! Where I can find the AppCtrl signature tool? Do we need to contact support team? 
0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2020-01-23 06:29 AM
In response to Arun_Malipatil1

Inbound URL-Filter works like outbound URL-filter. The same way you can block from your internal clients access to www.my-webserver.com you can do from external. Define your webserver as website in the URL-Filter-blade and configure a block rule with these website. You have to enable URLF-blade for this.

You don't need the  AppCtrl signature tool, it's all based on the URLs. 

webserver.png

rule.png

Wolfgang

0 Kudos
PhoneBoy
Admin
Admin
‎2020-01-23 11:43 AM
In response to Wolfgang

The only reason I suggested the ACST was because, depending on the requirements, it may not be sufficient.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events