JPR
Contributor

Problem with sites getting categorized as Low Risk and blocked

Hi,

Our firewall is blocking "Low Risk" sites even though we do not block "Low Risk" as a category, and according to Check Point's online URL Categorization the site isn't "Low Risk".

E.g. bedrevejr[.]dk gets categorized by our firewall as "Low Risk" and gets blocked:

bv.png

 

But by checking it online it gets categorized as "News / Media":

bv2.png

It hits a rule in our rule set where we block various categories, however, as mentioned above we do not block "Low Risk" as a category. Does anyone know what is going on and perhaps how it can be solved?

This is just an example. We have experienced it with other sites as well. Sometimes the "Low Risk" category just disappears and we can access the site again, and then the next day it's categorized as "Low Risk" and gets blocked. For some sites I have whitelisted them, however, I don't see that as a viable solution.

Thanks!

0 Kudos
10 Replies
George_Ellis
Advisor

You are not alone. It is an ongoing issue for us and has been escalated with no joy.

PhoneBoy
Admin

Can you show a log card (sensitive details redacted) of something that is getting blocked in this manner?

JPR
Contributor

Hi PhoneBoy,

Yeah, it looks like this:

bv3.png

I had actually whitelisted the site, however, it's still categorized as "Low Risk".

0 Kudos
JPR
Contributor

And here's the HTTPS Inspection:

bv4.png

0 Kudos
JPR
Contributor

And at the moment lego[.]com is also categorized as "Low Risk":

lego2.png

0 Kudos
the_rock
Legend

Can you bypass it in the HTTPS inspection policy to see if the same issue persists?

Best,

Andy

0 Kudos
George_Ellis
Advisor

I know we are not doing https inspection in the base configuration.  And in the HTTPS Inspection policy it stated that it will only be enforced if it is enabled.

 

 

the_rock
Legend

See if this post helps.

Andy

https://community.checkpoint.com/t5/Management/Lots-of-sites-being-categorized-as-anonymizers-inc-Sp...

Especially this update from Jennifer:

the_rock_0-1710269487768.png

 

Jennifer_Wilson
Contributor

 

Please find the update from Checkpoint below:

'Currently, we have received multiple complaints about this issue and it was brought to the highest ranks in support and R&D departments, this issue is related to CP side and is being handled as we speak by our internal teams,

We appreciate your patience and cooperation in reporting this issue.
I will update you on the progress and possible steps to solve this issue once I get news from R&D'

0 Kudos
the_rock_1-1710269487769.png

 

gmorrow205
Explorer

 

Any news on the fix?  I have a case open and got the same "known issue" response. 

0 Kudos
the_rock_2-1710269487770.png

 

Jennifer_Wilson
Contributor

 

They have said a new application control db has been uploaded to the Gateways (but not the Management server), dated 05/03/2024 time 10:3x Update number 050324_3, which I've checked is now there. (cpview/Software-Blades/Overview-Updates Information:)
I am having a look now but Bing and open.spotify look good so far.

0 Kudos
George_Ellis
Advisor

One of my co-workers just spotted this one (and it will get blocked)

 

urlcat.png

George_Ellis
Advisor

Thank goodness for working from home and split tunneling.

 
