AnsweredAssumed Answered

Pandora Streaming Traffic intermittently 'redirected' as Malicous

Question asked by Daniel Morin on Apr 26, 2018
Latest reply on Jul 27, 2018 by Daniel Morin

We just recently received complaints that in the last 2 weeks streaming Pandora audio on our guest network intermittently freezes.   Restarting the Pandora session fixes the problem


Our guest WiFi network has a separate VLAN and internet connection than all of our other traffic.

We have a rule in our Application policy to block access to malicious sites originating from our guest VLANs, based on the Checkpoint pre-defined application category.

What we found in our logs was that intermittently Pandora traffic is 'redirected', being associated with the Phishing category.  Most of such entries are flagging URL similar to as phishing, where resolves to, which has PTR of so it is one of Pandora's IPs.


Checkpoint Support has had us add a rule above the Guest - Block Malicious Sites to specifically allow traffic classified as Pandora, but still we see redirects I just described.  We haven't received any further complaints though since having added the rule Support had suggested but these redirect entries associated with Pandora IPs I still see in the Block rule troubles me.

Looking further at the logs, I'm seeing log entries associated with the Block rule within 2 hours after having added the Allow Pandora rule where the log entry shows the category as Pandora, usrcheck message claiming access to is blocked by our security policy.   Since resolves to, why was it associated with Pandora traffic destined to (


Is anyone else seeing Pandora traffic affected as potentially malicious Phishing traffic?