Technical data

ManualsBrandsCheck Point Software Technologies ManualsNetworkingVSX-1 3070

121

122

123

124

125

126

127

128

129

130

Working with URL Filtering

Check Point VSX Administration Guide NGX R67 | 129

Performing Manual Updates

To perform a manual database update:

1. On the Database Updates page in the SmartDashboard Content Inspection tab, click Update

databases now. The Update Databases wizard opens.

2. In the first window, enter your Check Point User Center email address and password in the appropriate

fields.

3. In the second window, select Custom update.

4. In the third window, select URL Filtering.

5. In the final window select the VSX gateway and click Add > Do not select any other objects.

6. Click Finish to perform the update.

Password Bypass

Password bypass is a feature that allows authorized users to override Web Filter traffic rejections by

entering a password. Users can be granted access to a blocked domain, and all links pointing to locations

within that domain, for a limited amount of time that is configured by the administrator.

This allows administrators to exempt specific users from URL Filtering limitations and to allow these users to

bypass URL Filtering false positives. For example, a network security officer might be granted access to

hacking or identity theft sites in order to develop countermeasures.

Using Password Bypass

Upon notification that access to a specific Website has been blocked by URL Filtering, users receive an

opportunity to enter their network password to override the blockage. After entering the correct password,

access is granted to any location on the blocked domain for a period of time configured in the

SmartDashboard Bypass options. After the specified amount of time, the user is required to re-enter the

password to regain access.

Configuring Password Bypass

To allow users to use password bypass, perform the following steps:

1. In SmartDashboard, create a user group with the name UF_bypass.

2. Add those specific users or user groups who have password override privileges to this group.

3. Install the Policy.

URL Filtering Acceleration

A single Web page display often contains numerous HTTP requests in order to display all of it’s

components. Normally, each individual request is inspected by the URL Filtering engine, resulting in

degraded performance. The URL Filtering acceleration option improves performance by inspecting only the

first request for a given page and applying its decision to all subsequent requests.

You can enable or disable the acceleration feature via the command line. Acceleration is enabled by default:

To enable URL Filtering acceleration, run the following command:

fw ctl set int http_ufp_allow_acceleration 1

To disable URL Filtering acceleration, run the following command:

fw ctl set int http_ufp_allow_acceleration 0

To ensure that this setting remains in place after rebooting, add the following line to the

$FWIR/boot/module/fwkern.conf file:

http_ufp_allow_acceleration=0