Yes i did try that first. it blocks lots of internal apps as well that are required. so decided to block only the specific ones.

Funny thing is Microsoft copilot was not blocked even when using the whole AI category.

You can add the specific application to the rule:

Yes i have done the same thing. ChatGPT and Google Gemini are being blocked but not Microsoft Copilot.

Please see the image attached.

I see. I will ask relevant teams to look at this.

Thanks a lot.

If you haven't already, I suggest opening a TAC case: https://help.checkpoint.com 

That could be the thing. we have not enabled https inspection, instead using SNI, and its working for other two Apps. not for MS Copilot though.

due to the URL redirection, I guess SNI is not working as expected.

@PhoneBoy  what do you think, should raise a TAC case?

That could be the issue, you most likely need ssl inspection turned on, not sure how it can work otherwise.

Andy

Also, check out this post from 2021. I know that was before R81.20, but it has lots of GREAT responses.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Categorize-HTTPS-Websites/m-p/134729/emcs_t/S2...

That was a good read. Thanks a lot.

No problem. @_Val_ explained it really well in one of his posts there.

Andy

To block a specific URL (e.g. bing.com/chat), you definitely will need HTTPS Inspection.
Possible that is required for the App Control signature to work.

Yes i understand. Thanks a lot.

100% you would need ssl inspection enabled for the app control to fully function, for sure.

Let me try explain it in simple terms, hope it will make sense, but if not, let me know...so with ssl inspection on, fw will act as MITM (man in the middle), intercepting requests between client/server. Without it, yes, you can block pages, BUT, block page will never show up, as there would be nothing for the firewall to inspect/intercept.

Same goes for any app you wish to block.

Andy