This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sree_checkpoint
Explorer
‎2019-10-25 02:11 AM

URL filtering not working

On the Checkpoint management server we have ordered layer for our access rules. 

Access 

Application and URL filtering.

 

We need to whitelist certain subnet to access certain specific urls and the rest of the Internet access from those subnet is denied by the default deny rule in the Application  and Url filetering rule base. Below are some of the urls I need whitelisted.

https://api.nuger.org

https://www.nuget.org/ 

 

So for this access I created a new custom Application/Site and created a rule in the application/url filtering rulebase with source as the subnet, destination as any and in service/applications I put the newly created custom application/site and action permit

 

When i check the custom Application/site i created I could see http, https is allowed.

 

Now when i try to access the website from the host in that subnet it is still getting blocked as per the default deny rule in the Application and url filtering rule base,even though I have kept the new created rule above default deny.

 

Can someone please help me to understand why this is causing this and what is the solution.

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2019-10-25 04:07 PM

Unless you are using R80.20 with JHF 117 or above or R80.30, the way we determine what site you are connecting to with HTTPS is the CN of the certificate of the site in question.
For api.nuger.org, the CN says surveymonkey.eu.
For www.nuget.org, the CN says *.nuget.org.

That means you will either need to:
1. Change your rules to match what the CN says for the sites in question.
2. Upgrade to R80.20 JHF 117+ or R80.30 where we filter based on verified client SNI.
Sree_checkpoint
Explorer
‎2019-10-30 09:10 AM
In response to PhoneBoy

My gateway is on R80.10 and hardware is open server. 

On the newly created application/url list I have put the CN of the website

 

for https://www.nuget.org , in the application/url list i have put *.nuget.org. Still the https traffic to this url is getting blocked by the default deny instead of the allowed rule. 

0 Kudos
mdjmcnally
Advisor
‎2019-10-30 12:28 PM
In response to Sree_checkpoint

On our policy then would be entering as

*nuget.org*

As the allowed URL

URLs are defined a Regular Express is unchecked.

Gateway is R77.30

0 Kudos
PhoneBoy
Admin
Admin
‎2019-10-31 07:56 AM
In response to mdjmcnally

It's possible that matching the CN of the certificate doesn't support wildcards.
Best to check with the TAC.
In any case, highly recommend upgrading from R80.10.

Another option is to use the Application Control Signature tool and create a SNI-based signature for the site in question.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events