This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
ledesgagnes
Explorer
‎2019-09-11 07:33 AM

Unable to allow a URL via WIFI but works from Ethernet

Hi,

To put in place a context, I am replacing a previous IT manager who left the enterprise several months ago.

I had a request put in place to allow certain URL which are in the Alcohol & Tobacco. So I went in Blade, under application and URL filtering and added a rule to allow this category.

I went with a source of: Any

Destination: Internet

Application: Category Alcohol & Tobacco

Action: Allow 

When I am on the network, the rule work without any issue. Once I disconnect the cable and get on the wifi and hit the same URL, I am sent to a Check Point Application Control Page, where it says that Access is blocked according to the organization security policy. It also provide a Reference: 0B34CDBD.

 

I did research on the web and I've looked around in Blade but didn't find anything that differentiate Ethernate from WIFI.

 

Thanks

 

0 Kudos
Reply
6 Replies
Maarten_Sjouw
Champion
Champion
‎2019-09-11 09:55 AM

What version are you running? When R80+ is the application/URL policy an inline layer? If so is there a different rule with inline layer for WiFi and LAN?
Regards, Maarten
0 Kudos
Reply
ledesgagnes
Explorer
‎2019-09-11 10:08 AM
In response to Maarten_Sjouw

Hi Maarten

 

R77.30, so it would be something else...

 

Thanks

Louis

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-09-11 01:39 PM

When it works, what rule is matched?
When it doesn't work, what rule is matched?
I suspect the block rule is happening before your allow rule.
0 Kudos
Reply
ledesgagnes
Explorer
‎2019-09-12 11:10 AM
In response to PhoneBoy

I was suspecting that as well so I have removed the block rule (there was only one for that category)...but for a reason I don't understand it still applies it when I am on the WIFI. I did a lookup to see if there was any other rule which was using that Category but there wasn't.

If feels like there's a section for Ethernet which I see by default and another one for WIFI that's hidden by default and that I can't find.

 

 

0 Kudos
Reply
Maarten_Sjouw
Champion
Champion
‎2019-09-12 01:44 PM
In response to ledesgagnes

Be aware that in the Application rules your only reference is the name column. The name is all you will see in the logging, so that is the only way to identify which rule it matches on.
Regards, Maarten
0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-09-13 01:05 PM
In response to ledesgagnes

It may be getting blocked by an entirely different rule under a completely different category.
Make sure logging is enabled for every App Control rule.
0 Kudos
Reply