Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nikolaos_Liakop
Explorer

Checkpoint as a Proxy-Block Page

I am well aware of the fact that when a user visits a "blocked" http url , CP will redirect the user to a UserCheck block page.

Can the aforementioned behavior be accomplished with HTTPs urls as well and without https inspection enabled ?

 

Also, provided that I configure Checkpoint as a non-transparent proxy and that I only have "HTTPs Categorize Sites" enabled, if my users visit a https web page that gets blocked by the URL filtering blade, will CP return to the user a UserCheck Block Page ?

 

0 Kudos
2 Replies
the_rock
Champion
Champion

I dont think there is any way to have that behavior without inspection enabled, because in that case, yes, page wont work, but block notification will never come up, as there is nothing to be intercepted by the firewall, since the inspection cert that would have been presented when https inspection is on, would not be there.

0 Kudos
PhoneBoy
Admin
Admin

HTTPS Inspection must be enabled for HTTPS UserCheck pages to work as a redirect is required, which requires injecting a redirect into the connection.
That can’t be done without decrypting and reencrypting the traffic.