The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
URL Filtering with UFP Server makes incorrect decisions when 'UFP caching control' is set to 'Security Gateway'
|
Technical Level
|
| Solution ID |
sk35967 |
| Technical Level |
|
| Product |
URL Filtering |
| Version |
All |
| Date Created |
30-Sep-2008
|
| Last Modified |
09-Dec-2013
|
Symptoms
- When a URI Resource is created to match a UFP Server such as WebSense, and the 'UFP caching control' is set to 'Security Gateway', only simple WebSense policies cache the results correctly.
- Complex policies - such as general policy for all users, additional specific policies for other users based on the source IP address, MachineID or other mechanisms, will NOT cache correctly, resulting in sites that should be allowed being blocked, or vice versa.
Cause
The caching mechanism only caches the result - whether or not a particular URL was allowed. It does not include the Source IP address or other information that would allow to differentiate any of the conditions that the UFP Server is using to execute the complex policy.
Solution
This is currently not supported by the caching mechanism.
Change the setting in the following way to have the caching behave correctly :
- SmartDashboard - 'Manage' menu - Servers and OPSEC Applications - New... - OPSEC Application... - assign the name, check the relevant boxes, etc
- SmartDashboard - Resources tab - New - URI :
- 'General' tab - assign the name , under 'URI Match Specification Type' check 'UFP' box
- 'Match' tab - choose the OPSEC Application that was created in Step 1, under 'UFP caching control' choose either "No Caching", or to "UFP Server"
- Install policy
|
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
|
