User guide

Using Web Rules

188 Check Point ZoneAlarm User Guide

Note: Web rules differ from the Web Filtering subscription service in the following

ways:

• The Web Filtering service is subscription-based and requires a

connection to the Service Center, while Web rules are included with the

ZoneAlarm router.

• The Web Filtering service is centralized, extracting URLs from HTTP

requests and sending the URLs to the Service Center to determine

whether they should be blocked or allowed. With Web rules, HTTP

requests are analyzed in the gateway itself.

• The Web Filtering service is category based; that is, it filters Web sites

based on the category to which they belong. In contrast, Web rules

allow and block specific URLs.

You can use either content filtering solution or both in conjunction. When a user

attempts to access a Web site, the ZoneAlarm router first evaluates the Web rules.

If the site is not blocked by the Web rules, the Web Filtering service is then

consulted. For information on the Web Filtering service, see Web Filtering on page

276.

The ZoneAlarm router processes Web rules in the order they appear in the Web Rules table,

so that rule 1 is applied before rule 2, and so on. This enables you to define exceptions to

rules, by placing the exceptions higher up in the Web Rules table.