- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi, community!
I'm having troubles accessing banks and finance sites even though they are allowed by the proper rule. The Finance category is allowed as part of a group of categories called "level 2 categories":
But when I go to a banking site, such as grupobancolombia.com the connection is blocked. According to our logs, the firewall is blocking some sites associated to the bank's site, but it's not showing me any categories associated to them:
If I allow everything through the rule, all sites open correctly.
Any thoughts?
I'm running R80.10.
Thanks.
It seems that Website is SSL(HTTPS) and SSL(HTTPS) inspection not enabled
But shouldn't URL categorization work even without SSL Inspection activated if I choose to "categorize HTTPS sites"?
The categorization in this case will depend on what the DN of the TLS certificate is, which may be different than the URL typed in the browser.
The Subject of a certificate can be anything if you have match on the Subject Alternative Names as those are preferred over the Subject of the certificate.
At this moment I think that without SSL intercept you may run into problems.
There is still a lot of debate about all of this. Chrome seesm to ignore the subject and only relies on Subject Alternative Name.
By now that term seems to be misleading as it seems to be more of a Subject Name List.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY