This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Sagar_Manandhar
Advisor
‎2017-08-21 08:32 AM

Application and Url filtering not working

Jump to solution

Hi,

i am using 5600 appliance and there i have written different application and url filtering policy in which pornography and media stream(category)  is at top and is block. But all the client are being able to access the porn site and media.

when i see the log of application and url it show allow but when i click to "Go to policy" tab there comes the error "the rule does not exist anymore". What may be the reason?.

Reply
1 Solution

Accepted Solutions
Sagar_Manandhar
Advisor
‎2017-08-23 08:26 PM

Jump to solution

Thanks all for your concern.. the problem is solved.. i restore the working date database from the database revision control. and make some changes to the DNS of the gateway. And now its working fine. i found that the management was downloading the update of the url and application filter but was unable to push to the gateway and made a policy for the gateway.

Thanks.

Sagar Manandhar

View solution in original post

0 Kudos
Reply
10 Replies
Daniel_Taney
Advisor
‎2017-08-21 12:06 PM

Jump to solution

What happens if you copy + paste that access rule into the policy as a new rule, delete the original, and push policy? That should create the rule with a new Rule ID. Maybe something just got corrupt with that rule in the database?

R80 CCSA / CCSE
Reply
Sagar_Manandhar
Advisor
‎2017-08-21 09:04 PM
In response to Daniel_Taney

Jump to solution

yes, i have tried it too but not working. Is there any hotfix for it?

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2017-08-21 11:34 PM

Jump to solution

If you look at the log message, it will tell you exactly why the traffic was allowed: There was an "Internal System Error."

There is a fail open/close switch for that situation.

In this case, that setting is allow.

When you go find the rule that allowed the traffic, it doesn't exist.

Of course, you can set it to fail close if you prefer.

Here's where to make that change:

This begs the question: why the internal system error?

That will likely require a TAC case to troubleshoot.

"Internal System Error occurred" log in SmartView Tracker while trying to categorize resource 

Reply
Sagar_Manandhar
Advisor
‎2017-08-23 08:26 PM

Jump to solution

Thanks all for your concern.. the problem is solved.. i restore the working date database from the database revision control. and make some changes to the DNS of the gateway. And now its working fine. i found that the management was downloading the update of the url and application filter but was unable to push to the gateway and made a policy for the gateway.

Thanks.

Sagar Manandhar

View solution in original post

0 Kudos
Reply
Kul
Contributor
‎2019-05-15 01:45 PM
In response to Sagar_Manandhar

Jump to solution

Hello everyone ,

I am using r77.30 pm standalone system. 

URL filtering and blocking is not working. It is allowed by standard policy. 

I tried to ssh it says upgrade is under process. 

It is not blocking any URL or sites. Could you guys kindly reply with some suggestions.i tried to troubleshoot but still Could not resolve 

0 Kudos
Reply
Nick_Doropoulos
Advisor
‎2019-05-16 12:54 AM
In response to Kul

Jump to solution

Hi Kurl,

Could you provide some more information about the problem at hand by answering the following questions:

1) Is it http, https-based sites or both that you are having issues with?

2) Have you enabled the Application Control and URLF blades on the gateway?

3) How have you configured the policy to block those sites?

4) What do you see in the logs?

Many thanks.

0 Kudos
Reply
Kul
Contributor
‎2019-05-18 09:56 PM
In response to Nick_Doropoulos

Jump to solution

hi silver ,

I see that the traffic is accepted .i can ping internet i just cant browse .

Below is the troubleshoot summary:

-- Checked for the drops on firewall but not getting any logs for the test machine.


-- Firewall is accepting the traffic and it is reaching to isp router as well but the communication is not happening.

-- Ping is happening properly but unable to access the same is browsers.

-- Disabled threat prevention blades, application and url filtering blade but the same issue.

-- Then enabled blades again, still the same issue.

-- You have checked with isp router by directly connecting the desktop, then you are not facing any kind issues while accessing. 

-- Created one more profile, installed the policy but no luck.

Reply
Nick_Doropoulos
Advisor
‎2019-05-19 01:43 PM
In response to Kul

Jump to solution

Hi Kul,

If you can ping the Internet but can't browse then you probably don't have DNS as an allowed service on the relevant policy.

Can you check if that is the case?

0 Kudos
Reply
6dd15084-b97a-4
Contributor
‎2019-07-19 12:57 AM
In response to Nick_Doropoulos

Jump to solution

also check NAT policy 

0 Kudos
Reply
Francesco_Scati
Explorer
‎2020-04-27 12:44 PM
In response to Sagar_Manandhar

Jump to solution

Hi,

It looks like the same issue I'm having on a SMB 1470.

If I check the status of RAD services under URL Filtering it cannot communicate with cws.checkpoint.com:80.

URL filtering and application control are not filtering furthermore some destinations like Facebook and YouTube are unreachable.

I had already several remote sessions with 6 Check Point engineer but no luck.

 

Could you please tell me what do you mean when you changed something on the DNS?

Thank you!

Regards

 

Francesco

0 Kudos
Reply