Hey Larry,

Nice one.

Now I need to know where I went wrong. Any change you can share the files you used?

Cheers,

Steve

Or LP for short (aka Larry Portokalo, that comes from good old movie "My big fat Greek wedding" classic lol)

Anywho, I used exact same things you posted in one of the previous responses, just copied them in excel and imported that into custom app object, will send screenshot later.

On another note, thats name I adopted when scammers call me, Lawrence Senior Portokalo, takes forever to spell it, plus, wasting scammers' time is so NOT a waste of time!

Best,

LP

Cool. 🙂 Thanks LP 😉

Enjoy the rest of the AI (Lakera) session.

I WAS enjoying it until I mistaknly hit to reboot (doh)...Im sure there will be recording.

Andy

Here it is.

Andy

Hi Don,

Just wanted to let you know if you need anything tested in the lab, since I have it working, happy to do it. By the way, my mgmt is R82 jumbo 41 and cluster is R81.20 jumbo 115 (all latest ones). I also have dedicated smart event server, but thats not super relevant here, but in case we need any additional logging.

Best,

Andy 

Hi Andy,

I just got around to catching up on this thread properly.

I thought that you were testing the all-new feature, Dynamic URL List, only available in R82 JHFA Take 41 and R81.20 JHFA Take 115, but it looks like you tested a standard custom Application/Site with the list as Regular Expressions. and not the new feature.

Where I was focusing my attention ,and what I was testing was, Dynamic URL List and that testing involves creating the custom Application/Site but that only contains a single url (the link to the external feed).

When you are working with dynamic_urls_lists.C in $FWDIR/appi/update/ then you are working with the new Dynamic URL List feature.

If you look at the collection of files I attached before you will see all of that and my configuration.

Using Dynamic URL Lists for Application Control and URL Filtering

Starting from R82 Jumbo Hotfix Accumulator Take 41, you can create a Dynamic URL List for Application Control and URL Filtering. The Dynamic URL List allows automatic update of the URL list based on a feed file, without requiring a policy installation for each URL change. Policy installation is only needed when modifying the configuration of the URL list itself (such as adding a new Dynamic URL List object or changing feed location). This feature provides greater flexibility and efficiency when managing allow lists and block lists.

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SecurityManagement_AdminGuide/Cont... 

You are absolutely right. I will test that in the lab tomorrow and update you.

Andy

Great. Thanks. 

LP got this, dont worry ; )

Andy

Hey Don,

I thought my brain was going to be "clearer" after long bike ride, but, no joy, sorry mate : - (. I tried exactly what was mentioned in that link, verified everything 3 times, but randomly, page may work, then it would not work, BUT, even when it does not work, it NEVER shows block page.

Andy

Got little further now...got block page once, ended up rebooting both cluster nodes, but after that, again, worked one time, but then exact same behavior as before, its super random.

Any news from TAC, Don?

Andy

Hi Andy LP,

Strange results..

I don't have a TAC case open. I had put it to  Phoneboy to bump someone in RnD to double check the documentation and/or my config and maybe re-test their side. 

Not sure when I will get a chance to test again but will let you know when I do. 

Cheers,

Don

I will definitely keep working at it myself as well.

Andy

I may try this on R82 as well, since so far I tested R81.20

Hey Don,

I had not forgotten about this. I have to go tomorrow to customer's site for some wireless stuff, but will check this further Thursday. I feel Im getting close to making it fully work.

Andy

Hi Hadi,

Thanks for this.

Will test ASAP and get back to you.

Hey Hadi,

I will also test it shortly and update.

Andy

Thats it, just tried R82, worked!

Hey guys,

Tried in R81.20, sadly, could not make it work, so I guess its only available in R82. @HadiFrohar is that correct?

Andy

Andy

Hey @the_rock 

Its available in R81.20 jumbo T115+

Hm...wondering why it did not work for me in the lab, since I am on jumbo 115. I used exact same method.

Andy

Check the directory (where the .C file is). Each time you install policy some files are touched or modified. Check the timestamps and see if they offer a clue.  

Did that too, I verified everything, looks exactly like in R82, but no luck...I even installed policy, but same issue. Let me reboot both cluster members : - )

Andy

@Don_Paterson 

And sure enough, like in good old days of Microsoft, if you rebooted 3 times, all magically worked...well, I only did it once in my lab lol

Andy

That's a great find!

Hey Don,

I did bit more checking on this and stumbled upon below, which lists IP ranges fore whatsapp.

Andy

https://raw.githubusercontent.com/HybridNetworks/whatsapp-cidr/main/WhatsApp/whatsapp_cidr_ipv4.txt