This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jennifer_Wilson
Contributor
‎2024-03-04 05:12 AM
Jump to solution

Lots of sites being categorized as anonymizers inc. Spotify and Bing?

We block anonymizers and can see that at least open.spotify.com, www.bing.com teams web etc are being blocked as they are tagged as anonymizers by URL categorization.
Had reports this has been happening since last Friday.

online Checkpoint URL checker shows the spotify one as what you would expect (entertainmnet etc.) and the IP's on it as uncategorized.

But the URL & App DB on my management server says it's up to date with a version of 141202403031347 created 03/03/2023 13:47 and won't update past that one.

Anyone else seeing similar issues?


38 Replies
Jennifer_Wilson
Contributor
‎2024-03-05 01:31 AM
In response to the_rock
Jump to solution

Please find update from Checkpoint below :

'Currently, we have received multiple complaints about this issue and it was brought to the highest ranks in support and R&D departments, this issue is related to CP side and is being handled as we speak by our internal teams,

We appreciate your patience and cooperation in reporting this issue.
I will update you on the progress and possible steps to solve this issue once I get news from R&D'

0 Kudos
gmorrow205
Explorer
‎2024-03-05 04:10 AM
In response to Jennifer_Wilson
Jump to solution

Any news on the fix?  I have a case open and got the same "known issue" response. 

0 Kudos
Jennifer_Wilson
Contributor
‎2024-03-05 04:22 AM
In response to gmorrow205
Jump to solution

they have said a new application control db has been uploaded to the Gateways (but not the Management server), dated 05/03/2024 time 10:3x Update number 050324_3, which I've checked is now there. (cpview/Software-Blades/Overview-Updates Information:)
I am having a look now but Bing and open.spotify look good so far.

Jennifer_Wilson
Contributor
‎2024-03-05 05:16 AM
In response to Jennifer_Wilson
Jump to solution

My testing on a single test machine (that still has an app rule with anonymizer category blocked on it) indicates the updated app control db has fixed the issue.
Defender updates, Bing and open.spotify are not now showing as "anonymizer" category on a Checkpoint Gateway running R81.10 JHF 130 with HTTPS Categorization (not SSL inspection).

gmorrow205
Explorer
‎2024-03-05 05:43 AM
In response to Jennifer_Wilson
Jump to solution

Awesome. We pushed a global exception for anonymizer, but I will pull it off a cluster and test. 

So you didn't have to clear the URL cache? That procedure looked pretty intense!

0 Kudos
Jennifer_Wilson
Contributor
‎2024-03-05 07:20 AM
In response to gmorrow205
Jump to solution

No, didn't have to clear the URL cache.
Was requested to do a policy install, but had already done some unrelated policy installs around the time so it was already applied in our case.

0 Kudos
(1)
the_rock
Legend
Legend
‎2024-03-05 04:10 AM
In response to Jennifer_Wilson
Jump to solution

Thanks for that. Did they say it applies to all versions or just R81.10?

Andy

0 Kudos
Jennifer_Wilson
Contributor
‎2024-03-05 07:30 AM
In response to the_rock
Jump to solution

They didn't say, sorry.

0 Kudos
STEVE_ENS
Contributor
‎2024-03-05 09:46 AM
In response to Jennifer_Wilson
Jump to solution

This is what we tried this morning...still testing.

 

Steps Taken: Logs show the traffic is being categorized by IP Initially (cat $FWDIR/database/ca_bundle.pem | grep BEGIN | wc -l) output showed only 286 CAs MGMT R81.20 Take 41 There was a discrepancy between the amount of CA's in smartboard vs the amount of CAs on the GW. Updated the Trusted CA's After updating the trusted CA's we now saw 147 CA's in ca_bundle.pem sk180507 - The Trusted CAs list is not updated in the R81.10/R81.20 Management Server database - Ran the MGMT CAs bundle script for R81.20 Take 41 - 200+ missing CAs were added - Installed database and policy - We were still only seeing 147 CAs in $FWDIR/database/ca_bundle.pem - We added the server cert to the trusted Cas to trigger a change to update the GW's - After installing the policy we could see the GW was updated with the CAs (371) Cleared the URLF cache - sk64280 Cleared the SNI cache - # fw tab -t cptls_host_name_cache -x -y

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events