Technical data

ManualsBrandsCheck Point Software Technologies ManualsNetworkingVSX-1 3070

121

122

123

124

125

126

127

128

129

130

Check Point VSX Administration Guide NGX R67 | 126

Chapter 7

Working with URL Filtering

In This Chapter

Introduction 126

Configuring URL Filtering 127

Introduction

Access to the Internet can expose your organization to a variety of security threats and negatively affect

employee productivity as a result of non-work-related surfing and downloading of files. Due to problems

associated with employee web surfing, organizations are turning to Web Filtering to control employee

Internet access, reduce legal liability and improve organizational security. Web Filtering enforces filtering

rules based on the organization’s needs and predefined categories made up of URLs and patterns of URLs.

Web Filtering includes reporting and monitoring tools that capture and present web traffic data, providing

organizations with an in-depth look at how web surfing affects their organization’s security and supports

decisions regarding web surfing limitations.

A web filter is a function that screens incoming web pages to determine whether or not to display their web

content. The web filter verifies the web page URL against a list of approved sites and blocks access to

complete sites or pages within sites that contain objectionable material (for example, pornography, illegal

software and spyware).

Terminology

The following terms are used in Web Filtering applications:

 Allow List: A list of allowed URL addresses, for example, a URL in the Allow List is allowed even if it is

associated with a category that is blocked.

 Block List: A list of blocked URL addresses, for example, a URL in the Block List is blocked even if it is

associated with a category that is not blocked.

 Blocking Notifications: Contains the message that appears when a URL address is blocked and the

URL to which a blocked URL address is redirected.

 Category: Contains a group of topics sharing a common attribute (for example, crime, education and

games.

 Network Exceptions: Contains a list of connections for which Web Filtering should not be enforced.

 Web Filter: Allows you to allow or block URLs based on network connections and/or an external

categorized database and local exception lists.

Functional Overview

When incoming Web traffic arrives at a gateway on which Web Filtering is active, it first applies the general

security policy rules. Traffic allowed by these rules is then inspected for permitted URLs and/or IP

addresses.

The Web filtering engine inspects incoming requests and assigns one or more filter categories according to

information contained in the Content Inspection database. The Content Inspection database is updated

periodically to ensure accurate category assignment.