Re: Zoom and Custom Application/Site

JPR · ‎2025-02-19

I got two questions I hope some of you can help me with.

1)

I have a rule in my rulebase that looks like this:

The content of the Custom Application Site is this:

I have a rule further down that blocks various categories. When I go to https://zoom.com it hits the rule above and I get to the site. When I go to https://zoom.us it doesn't hit the rule above, but continues and gets blocked by the rule that block various categories. Do any of you have any idea as to why that is?

2)

Zoom.us gets blocked because it falls into the category of "Web Confenrencing":

The funny thing is, though, we don't block for that:

Do any of you have an idea to why it gets blocked anyway?

Thanks!

Tal_Paz-Fridman · ‎2025-02-19

Have you tried using the predefined Zoom applications?

Zoom Application.png

Zoom Applications.png

JPR · ‎2025-02-19

Sorry, I can see I needed to add a bit more context.

The thing is, that it is an inline rule:

So we allow conncetions to zoom.com and zoom.us unless it is one of these URLS:

We don't allow people to join Zoom meetings from our internal environment, but they need to be able to schedule meetings and so on.

AkosBakos · ‎2025-02-19

Hi @JPR

The HTTPs Inspection is enabled on the firewall?

2025-02-19 13_14_28-Zoom and Custom Application_Site - Check Point CheckMates.png

https://support.checkpoint.com/results/sk/sk106623

Akos

----------------
\m/_(>_<)_\m/

PhoneBoy · ‎2025-02-19

That’s weird because zoom.us shows up as Computers/Internet when I look it up:

Do the logs explicitly say this is the rule that is blocking the traffic?
And are you using HTTPS Inspection because you can’t block on a specific HTTPS URL without it.

JPR · ‎2025-02-20

I've tried to modify my rule(s) the way Akos suggested and it worked yesterday, but this morning zoom.us was again being blocked:

HTTPS Inspection in enabled and it gets inspected, however, I no longer see any categorization in the actual log:

And I experience the same for cran.r-project.org that gets categorized as Computer/Internet (which we don't block), however, it hits our blocking of categories rule. And again there's no category in the log in SmarteConsole.

The above was a mistake. cran.r-project.org is categorized as Software Downloads and that we are blocking (r-project.org is categorized as Computers/Internet and works); my bad...

I still don't see any categories in the Smart Console logs. Is that an issue, though?

Any ideas? 😕

PhoneBoy · ‎2025-02-20

I suggest involving TAC here.

the_rock · ‎2025-02-20

What I always do in my lab is create custom category like you did, but simply add *zoom*, thats it.

Andy

JPR · ‎2025-02-21

Thanks to all of you; always appreciate your input 🙂

I think I got it to work, however, I'm still a little worried/suspicious as to why it started working rather randomly especially access to zoom.us.

I tried with URLs as Regex as Akos suggested, but I've ended up just doing it non-regex and it seems to work after some trial and error with the URLs.

I'm considering involving TAC regarding the issue with categorization and missing categories in the log file, but I just want to be sure it's not just a simple mistake in my end.

the_rock · ‎2025-02-21

I think thats a good idea, they can definitely confirm.

Andy

Are you a member of CheckMates?

Zoom and Custom Application/Site