Hi
Does anyone know if there are any restrictions on scanning malicious URLs when using monitor mode?
I am currently testing the check point e-mail security function in the internal environment in monitor mode.
Since it is a traffic mirror environment, MTA is disabled and only Threat Emulation, anti-virus, and anti-bot functions are enabled.
Functions such as file emulation are showing satisfactory test results.
However, in the case of mailcious URLs attached to e-mails, it seems that they cannot be inspected properly in Monitor mode.
As far as I know, malicious URLs should generate logs after performing reputation-based inspection.
Reputation.However, in the current test environment, no logs related to URLs are left.
It looks like it probably doesn't perform any checks.
I tested in a real environment, not a mirror environment, to check if the test URL information was incorrect.
In a real environment, I checked the normal URL inspection log as expected.
As mentioned at the beginning, if there are any restrictions when using the monitor mode in these inspection logics, please let us know.
Thanks