- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi,
For school exam we get several ranges of IP-addresses that is on the list for technical specs required to pass the firewall. The students log in and start their exam and when they are finished, uploads their finished documents. White-list approach is used to allow only port 80 and 443 destined for the specified IP-addresses. Everything else is blocked.
What is new this year is that they are allowed to access additional online based help, like dictionaries. The problem is the white-list approach where you allow only specified IP-address(es) for that domain. You end up with a web page that is not completely loaded since todays web sites are dynamic and gets their content from several places. Forexample images hosted somewhere else.
The question is really general, how do you allow a specified site/domain to pass through in a white-list approach when you have the problem explained above? Let's imagine you don't have time to test all functionality on that site to see that everything is working and loaded.
What about to create the policy based on: ?
User-awareness
Application-awareness
Content awareness
Time-Object
In short:
Identity awareness will ensure the SRC of the users
Application control + URLF filtering / dynamic object will ensure to application type + DST
Content awareness will ensure upload documents
Time object will ensure the time that rule/s be active
Of course, you can add Sandblast security solution to ensure documents are not malicious
HTH,
Ofir S
Why so complicated approach ?
Just download all needed stuffs to the all workstations to be available offline (even without internet).
Hi Jozko,
It's stated in the technical requirements that it should be online based help. It can be minimum 2 and up to maximum 15 different online resources. Not just dictionaries.
School owners, in cooperation with school leaders, shall ensure that pupils and adult participants have access to a limited number of online resources during a centrally-conducted exam in primary school.
Application Control, URL Filtering, and HTTPS Inspection will probably make your life easier here in terms of building and enforcing that whitelist (versus using IP addresses that can change), but you still need to test periodically to ensure only the resources you want to allow actually are.
There has been no need to do it more complicated than needed. You get each year around 7 IP-addresses that need to be allowed (barely change). The IP-addresses ranges are for check of CRL of SSL-certificates. So it has not been difficult to enable a disabled rule each year when needed
If you can achieve your desired result by whitelisting specific IPs only, then by all means.
It's just a lot harder when you're accessing resources that are hosted in, say, AWS.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 19 | |
| 8 | |
| 6 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 2 |
Thu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealThu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASETue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeThu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY