The new blade is integrated with application control, providing excellent rulebase granularity and Identity Awareness support. The new blade is based on an in-the-cloud URL filtering service. The new blade does not require maintaining a very large database, since the database is hosted in the cloud. The new blade uses a state-of-the-art caching mechanism to achieve excellent performance.
There is no limit to the size of the database (currently 100M sites and growing). There are no large updates, and the blade works immediately (without needing to perform a first update). The database is always up to date. Uncategorized sites are automatically added to a list of sites to be categorized (no need to open tickets). The blade is available on all platforms and all sizes of appliance.
The URL Filtering blade sends uncategorized sites as part of the regular categorization process. The Check Point URL Filtering service automatically adds these sites to a list of sites which will be categorized.
To address this, the security gateway URL Filtering blade queries the URL Filtering service every hour for a list of sites which have been compromised in the last hour. If the gateway detects such a site in its local cache, the entry is removed and a new query is sent, which will return the correct categorization.
Yes, 99.5% or more of the sites are categorized by the online service. A limited number of sites have special properties which require a very small local database. This database is downloaded as part of the update process.
No. Check Point implements these mechanisms to address latency:
By default the URL Filtering blade works in background mode. Thus, requests are not held until categorization occurs, preventing latency.
The end user will not be able to browse forbidden sites, because after one or two requests, the site will be categorized and blocked correctly. The URL Filtering online service uses an advanced cache in the cloud deployment, which has a CDN (content delivery network). Thus, in most cases, categorization occurs on a server close to the gateway (network-wise).
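A toy model of the caching behaviour described above (background mode plus the hourly compromised-site list), added here as an illustration and not Check Point code. It shows which requests pass before the cache holds a current category. The class, method names, categories and hostnames are all constructed.

```python
from dataclasses import dataclass, field

BLOCKED = {"Games", "Malware"}  # constructed policy: categories to block

@dataclass
class Gateway:
    cloud: dict                      # stand-in for the online service
    background: bool = True          # default mode: requests are not held
    cache: dict = field(default_factory=dict)
    pending: set = field(default_factory=set)

    def request(self, host):
        """Return 'allow' or 'block' for one request to host."""
        if host not in self.cache:
            if self.background:
                self.pending.add(host)   # categorize asynchronously
                return "allow"           # uncached request passes
            self.cache[host] = self.cloud.get(host, "Uncategorized")
        return "block" if self.cache[host] in BLOCKED else "allow"

    def drain(self):
        """Background worker: resolve queued lookups into the cache."""
        for host in self.pending:
            self.cache[host] = self.cloud.get(host, "Uncategorized")
        self.pending.clear()

    def hourly_sync(self, compromised):
        """Evict cached hosts named on the last-hour compromised list."""
        evicted = [h for h in compromised if h in self.cache]
        for h in evicted:
            del self.cache[h]
        return evicted

def demo():
    cloud = {"games.example": "Games", "blog.example": "Blogs"}
    gw = Gateway(cloud)
    out = [gw.request("games.example")]      # uncached: passes
    gw.drain()
    out.append(gw.request("games.example"))  # cached as Games: blocked
    gw.request("blog.example"); gw.drain()   # cached as Blogs
    cloud["blog.example"] = "Malware"        # site compromised upstream
    out.append(gw.request("blog.example"))   # stale cache entry: passes
    gw.hourly_sync(["blog.example"])         # eviction forces a new query
    out.append(gw.request("blog.example"))   # uncached again: passes
    gw.drain()
    out.append(gw.request("blog.example"))   # recategorized: blocked
    return out

if __name__ == "__main__":
    print(demo())
```

Constructing the model with `background=False` holds the first request until the lookup returns, which is the contrast implied by "by default" above and is an assumption about the non-default mode.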