This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
fabiofabio
Collaborator
‎2022-08-23 03:24 AM
Jump to solution

usercheck page doesn't display

good morning,
I have created a rule specifically to block internet pages that a group of users cannot access and it works, they are blocked, the problem is that I have set up a usercheck page to make it clear to users that they cannot open it due to permissions, but this does not open. I put some screenshots to make you understand. suggestions on what the problem might be? thank you in advance, any suggestion is welcome 🙂

gaia 80.40 jumbo HF 158

Cattwafegsrhtjyura.PNG

Catghjfdhfgtura.PNG

Caadgfrtttura.PNG

Cattretrytuura.PNG

 

 

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2022-08-23 03:32 AM
Jump to solution

As I can see in the logs, the traffic is HTTPS. Redirect on HTTPS only works if you enable HTTPS Inspection. HTTP clear text sites will be redirected to the UserCheck. 

View solution in original post

0 Kudos
(1)
8 Replies
_Val_
Admin
Admin
‎2022-08-23 03:32 AM
Jump to solution

As I can see in the logs, the traffic is HTTPS. Redirect on HTTPS only works if you enable HTTPS Inspection. HTTP clear text sites will be redirected to the UserCheck. 

0 Kudos
(1)
fabiofabio
Collaborator
‎2022-08-24 11:58 PM
In response to _Val_
Jump to solution

I have activated HTTPS inspection but it does not block the page, below I show the logs and the rule created to block that specific page. The rule is ignored and the web page is allowed to pass by a subsequent rule ... What am I doing wrong?

Cattgfgdsfgura.PNG

Cattura111.PNG

Cattura222.PNG

thanks!

 

 

 

0 Kudos
_Val_
Admin
Admin
‎2022-08-25 04:05 AM
In response to fabiofabio
Jump to solution

I assume, in rule 51 the source is an internal host, correct?

However, the destination is unclear. What do you use there, exactly? IP ranges? And why is service any? It should be web services only. There will be no blocking page for anything but HTTP/HTTPS

0 Kudos
fabiofabio
Collaborator
‎2022-08-29 01:23 AM
In response to _Val_
Jump to solution

yes, as a source was my ip address, i'v tried to change it with my domain user, i'v tried to specify https service too:

Cattura443.PNG

 

but it doesnt work, there is the logs:

Cattura444.PNG

 

what am i doing wrong? it should work, right?

0 Kudos
_Val_
Admin
Admin
‎2022-08-29 01:35 AM
In response to fabiofabio
Jump to solution

As already mentioned, please add a user role to the source, and limit services to http/https. Once done, push the policy and check again. Also, the logs about the CLR issue need to be investigated

 

0 Kudos
fabiofabio
Collaborator
‎2022-08-29 11:15 PM
In response to _Val_
Jump to solution

thank you for the support, at the end i have figured it out. was my mistake on the rule in the application layer... i was using in source ad user access role that can't be retrieved from my DC, so, the rule was skipped bue this problem and iw as using in the destination, the site i wanted to block. instead of putting it in the destination, it goes in the services / applications column. Now it's working but, like you sayd... the usercheck page display only with https inspection enabled. I hope this can help someone struggling like me with simple mistakes.

_Val_
Admin
Admin
‎2022-08-30 12:09 AM
In response to fabiofabio
Jump to solution

I am glad you figured this out. Simple mistakes are the hardest to spot 🙂

Chris_Atkinson
Employee Employee
Employee
‎2022-08-25 04:52 AM
In response to fabiofabio
Jump to solution

Agree with Val, rule 51 needs changes at a minimum to the services column.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events