- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: how do go about blocking a particular resource...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how do go about blocking a particular resource that i see on the ips log?
so i see this log on the checkpoint:
How do i go about blocking this resource "syndication.exoclick.com" on port 53? do i need to create a url rule for that? and how would it look like (we have url filtering blade enabled but not https inspection, categorize https inspection is enabled though). And if not url filtering then how else would i block it?
Thank You.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just my personal opinion...what I would do is create a rule that has a source as custom application/site object and in there, simply add under url list *syndication.exoclick*
I find that doing it that way works 100% of the time, at least from my experience. Slap that as the source, destination any, action block, log and thats it.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for replying but shouldn't it be a destination? You say source but it should be destination right?and source should be our internal network? And service selected should be 53?
And just to be clear *syndication.exoclick* will cover the "syndication.exoclick.com" url?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, but my apologies, my first reply is wrong, my bad.
Let me rephrase that...you cant do it as source or dst, you do it under service/application tabs...need more coffee :)). So once you had created that custom app/site, you have a rule like this, just tested it in my lab:
source -> any
destination -> Internet
vpn -> any
services & application -> custom app/site object you create (I named it sundication.exoclick and in "match by" I simply added *syndication.exoclick* and yes, 100% covers anything or any sub domain for that. Its literally if you wanted to block anything facebook under the sun, you could do the same *facebook*. I tried it many times and works like a charm.
action -> block
track -> log
If you have any issues, hit me up and we can do remote.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh thank you once again for the quick reply, I will try it out and update here and if it doesn't work I will reach out to you thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any time!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Forgot to mention, yes, you can also add services to rule like that, so if you ONLY wish to block service with port 53, you can do so, no problem...BUT, just be vigilant not to inadvertently block access to important service for network that should have it, thats all.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using a custom application/site won’t work for things that aren’t http/https.
It is the sort of thing enabling DNS Trap will help with, which basically rewrites these lookups to “trap” IP addresses.
Note that prior to R81, these events show up as Detect even though they are effectively prevented.