Technical data
Working with URL Filtering
Check Point VSX Administration Guide NGX R67 | 128
Note - The URL database also includes IP addresses. By Default, all IP
addresses are allowed, even if included in the Allow or Block lists.
To enable the Allow and Block lists to work with IP addresses, use the
GuiDBedit
utility and change the categorize_http_request_method parameter to
host_dns_and_ip (the default value is host_dns).
When defining IP addresses in the Allow or Block lists, you must append the '/'
character to the end of each address string. If you fail to do this, the parser
treats the entire IP address as a wildcard prefix and may inappropriately block
or allow other IP addresses.
5. In the Advanced branch, select Network Exceptions to create a list of the network connections
through which traffic should not be inspected or in order to enforce URL Filtering on all Web traffic.
Network Exceptions works according to a source and destination Rule Base and overrides the URL
Filtering engine.
6. In the Advanced branch, select one of the following Blocking Notifications in order to notify the user
when the URL request is blocked:
Enter the message to be displayed when a URL is blocked according to the URL Filtering Policy.
Or
Enter a URL to which the user is to be redirected.
7. Install the Policy on appropriate VSX objects.
Updating the Content Inspection Database
In order to ensure that URL Filtering protection is current and accurate, it is essential to update the Content
Inspection database on a regular basis. The following database update methods are available:
Automatic Updates: Updates occur automatically on a fixed schedule, according to predefined
parameters.
Manual Updates: You can update the database manually at any time according to parameters defined
in a wizard.
Updates are available from the Check Point website. Prior to downloading, verify that:
HTTP and HTTPS Internet connectivity with DNS is properly configured.
You have a valid Check Point User Center user name and password.
Note -
Database updates are performed using the VSX gateway management IP address.
The first update may take several minutes, depending on your network bandwidth.
Subsequent updates will take significantly less time because only incremental
information is downloaded.
URL Filtering begins to work only after you perform the update and install the policy.
Configuring Automatic Updates
To configure automatic updates:
1. On the Database Updates page in the SmartDashboard Content Inspection tab, select the Enable
automatic updates option.
2. Click Configure Automatic Updates.
The Automatic Updates wizard opens.
3. Enter your Check Point User Center email address and password in the appropriate fields.
4. On the URL Filtering tab, select the update frequency (in hours).
5. Configure Tracking Configuration parameters as appropriate.
6. Click OK to complete the definition.