This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marquevis
Contributor
‎2023-11-24 04:15 AM
Jump to solution

How to configure the gateway to reject downloads greater than X MB.

Hello everybody.

I received a request from a customer to configure a rule in the gateway policy to block downloads of files larger than 500 MB.

I enabled https inspection to the gateway can do full inspection on the HTTPS protocol and I enabled the content Awareness blade so I can create the rules.

Import the https inspection certificate to the client machine and see the inspection being done.

I created the rule in my policy with the source being an AD group, the destination INTERNET and in the "Content" column I put it to consider any direction. I also added the "Large Archive", "Large Archive" objects and a few others (the screenshot is attached).

I configured the "Large Archive" and "Large Archive" objects to identify files larger than 500 GB in the properties. I even put a smaller size (for example 1MB, 10MB) to test too.

When the client starts downloading the file (for example, a 1 GB ISO) I see that the traffic does not match the rule I created.

So I have two questions: Can I meet the customer's requirements at the gateway? If so, what else needs to be done?

The customer has a centrally managed enterprise gateway cluster in version R81.10 take 95.

Preview file
61 KB
0 Kudos
1 Solution

Accepted Solutions
Marquevis
Contributor
‎2023-11-27 11:32 AM
Jump to solution

Hello,

We discovered that checkpoint is compatible with some file extensions.

We were testing on a website that downloads files with the .dat extension. This extension is not compatible, so it did not match the rule.

Reference follows:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_DataLossPrevention_AdminGuide/Topi...

For our configuration to work, we use content awareness and https inspection.

View solution in original post

0 Kudos
4 Replies
_Val_
Admin
Admin
‎2023-11-27 01:14 AM
Jump to solution

Which rule is being matched when you download a large file?

0 Kudos
_Val_
Admin
Admin
‎2023-11-27 01:14 AM
Jump to solution

Which rule is being matched when you download a large file?

0 Kudos
_Val_
Admin
Admin
‎2023-11-27 01:16 AM
Jump to solution

Also, did you try to change the Access Role to just the local network? Is file downloaded through office to internet HTTPS session? Not enough info here to help you out.

0 Kudos
Marquevis
Contributor
‎2023-11-27 11:32 AM
Jump to solution

Hello,

We discovered that checkpoint is compatible with some file extensions.

We were testing on a website that downloads files with the .dat extension. This extension is not compatible, so it did not match the rule.

Reference follows:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_DataLossPrevention_AdminGuide/Topi...

For our configuration to work, we use content awareness and https inspection.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events