This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alejandro_Lansa
Participant
‎2018-10-11 06:48 AM

URL Filtering – Categorization

I have a new question about URL Filtering. I am testing the Application Control und URL Filtering Blades in order to replace our Proxy, but I have a problem with Categorization. The test is done with a R80.10 security Gateway configured as HTTP/HTTPS Proxy with a restrictive configuration: Each Department has access to a group of categories, and all other categories are blocked.

I experience the following behavior:

  • When a user opens a new Web Site it becomes immediately the category “Web Browsing”. This Category is not allowed in our Policy and the firewall drops the connection.
  • The second time that we open the same website the site is correctly categorized and traffic accepted oder droped according to the policy.

This behavior is also described in SK105642 “Allowed site is blocked on first attempt, then allowed on second attempt”, but the solution doesn’t work for me.

The advanced configuration of Application Control & URL Filtering is:

  • Fail Mode – Block all requests (fail-close)
  • Web browsing – “enable web browsing logging and policy enforcement” – Disabled
  • Checkpoint online web service
    • Block requests when web service is unavailable
    • Website Categorization mode: Hold – requests are blocked until categorization is complete

For torubleshooting purposes I have temporary disabled https inspection and I experience the same problem.

Has anyone experienced a similar problem?

1 Reply
PhoneBoy
Admin
Admin
‎2018-10-12 08:54 AM

The SK does a fairly good job describing the issue.

The solution described clearly doesn’t work in R80.10.

Maybe instead of entirely blocking Web Browsing you “limit” it to a ridiculously low bandwidth.

This will allow the traffic to continue until it is classified appropriately.