Is there a way to find out if a site/IP is blocked by IPS/URLF via the command line?
In short: no.
For URLF, you may be able to do it in SmartConsole using Packet Mode, a new way of searching through your security policy in R80.10.
Can you describe your intended use case?
Our help desk is taking multiple tickets a day with a basic question: are we blocking this site?
I want to create a self-help portal where the user enters the destination URL. I want to automate the process to see if the URL and port are open or not. If the firewall is blocking the URL/port, it would create a ticket for the Cybersecurity team.
Currently there is no API to do what you want.
That said, you could simulate this with scripted calls to curl or similar to the destination URL from a system subject to the same URLF policy as your end users.
If curl is able to download the homepage from the URL, then you're not blocking access to it.
If curl returns some sort of error or gets a UserCheck page, then you are, and a ticket should be created.
The trick is in parsing the output of curl to figure out which result is which.
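A sketch of the curl approach suggested above, as an added example that is not part of the original thread. It assumes the block page can be recognised by the string `UserCheck` in the final URL or the response body (adjust `BLOCK_MARKER` to match your own page); `classify` and `check_url` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Run it from a host that is subject to
# the same URLF policy as the end users.
# Assumption: the block page is identifiable by this string.
BLOCK_MARKER="${BLOCK_MARKER:-UserCheck}"

# classify CURL_EXIT FINAL_URL BODY_FILE -> prints allowed | blocked | error
classify() {
    rc=$1; final_url=$2; body=$3
    # Check the final URL first: a redirect to the block portal is a policy
    # block even when curl then fails (e.g. on the portal's certificate).
    case "$final_url" in
        *"$BLOCK_MARKER"*) echo blocked; return ;;
    esac
    # Block page served in place of the requested content.
    if [ -s "$body" ] && grep -qi -- "$BLOCK_MARKER" "$body"; then
        echo blocked; return
    fi
    # Transport failure with no block page. An HTTPS block without HTTPS
    # Inspection looks like this, but so does a site that is simply down,
    # so it is reported separately for the ticket.
    if [ "$rc" -ne 0 ]; then
        echo error; return
    fi
    echo allowed
}

# check_url URL -> fetch the URL with curl and print the verdict.
check_url() {
    body=$(mktemp) || return 1
    final_url=$(curl -s -L --max-time 15 -o "$body" \
        -w '%{url_effective}' "$1") && rc=0 || rc=$?
    classify "$rc" "$final_url" "$body"
    rm -f "$body"
}

# Run only when a URL is given on the command line.
if [ $# -gt 0 ]; then
    check_url "$1"
fi
```

A portal built on this would open a ticket on `blocked` and flag `error` for a log lookup, since the transport failure alone does not prove the gateway caused it.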
I suspect that SmartEvent could be used to determine when URLF and App Control block sites and trigger notification events for the CyberSec team by either email, SNMP traps, etc.
I understand Neil's question and frustration. I will try my best to describe the situation, and please do not reply that it works as intended... and that you need to enable HTTPS inspection.
We got the same issues with blocked URLs... unnecessary calls to our help desk.
Assuming we block "youtube.com", if the user is accessing the site with HTTP then the wonderful "blocked message page" is displayed. That is great and the user knows the page is blocked... end of story.
Now, the user or most Internet pages are redirected to "HTTPS"... from Google to YouTube to your banking, etc.
https://youtube.com is still blocked by URL filtering without HTTPS inspection... I know this from searching in SmartLog, Tracker, Events...
but NO wonderful blocked page is displayed to the user... just a "Secure Connection Failed" is displayed, prompting the user to initiate a call to the help desk.
If you want a block page for HTTPS sites to show to the end user, you will have to enable HTTPS Inspection.
If you don't really want to do HTTPS Inspection, I suppose you could simply enable the feature with an "any any bypass" rule.
However, I have not tried this.
Either way, HTTPS Inspection needs to be enabled in order to show a block page for HTTPS sites to end users.