Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
boom247
Contributor
Jump to solution

URL Filtering https disabled

Hi CheckMates

 

I have a gateway running R81.20 and trying to do url filtering but it's not working as expected. Not blocking the categories.

Is https inspection a pre-requisite for url filtering?

 

0 Kudos
1 Solution

Accepted Solutions
boom247
Contributor

Thanks all, eventually got it working. I enabled the blade under the standard policy. As Lend mentioned, it's not showing any block pages, guess will have to enable https for that.

Screenshot 2024-08-08 154937.png

 

 

 

View solution in original post

7 Replies
Gojira
Collaborator
Collaborator

No its not.

Make sure you have categorize https sites enabled under management & settigns > blades > app control url filtering

 

 

image.png

0 Kudos
boom247
Contributor

Thanks Gojira, I do have these settings enabled.

It's worth mentioning that the deployment is in a bridged mode. I have 2 interfaces, one in and one for outgoing.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

What do you have configured in the destination field of the policy (Any), does the logs see the traffic as HTTPS or QUIC (you may have to block the latter)?

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend

Well, put it this way. You can have pages blocked, BUT, it will look goofy, for the lack of the better term, as block page will never show up. If you need help, I have perfectly working lab, so can show you.

Best,

Andy

0 Kudos
the_rock
Legend
Legend

Also, to add to my last comment, FWIW...without ssl inspection, firewall cant be "man in the middle (MITM)", so nothing to inspect to begin with, tus you would never see the block page. Also, considering that literally 99.99% of the sites nowdays are https, it only makes sense to have that enabled. You wont see much difference in cpu/memory if you are running powerful hardware.

Andy

0 Kudos
boom247
Contributor

Thanks all, eventually got it working. I enabled the blade under the standard policy. As Lend mentioned, it's not showing any block pages, guess will have to enable https for that.

Screenshot 2024-08-08 154937.png

 

 

 

the_rock
Legend
Legend

That looks right. I sent the link I made about this on community while ago, so you can also refere to it.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Https-inspection-lab-guide/m-p/214429#M40929

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events