 Re: Allowing access to fqdn
I used a URI file for a very short time for blocking some sites that management had deemed a breach of the AUP here. Two things became readily apparent:
1) The URI file solution is very inflexible, both from a scalability and management standpoint
2) Using domains, while they should be quite permissible, does present a performance bottleneck. This came to the point where I was getting false positives, and normal browsing became a chore.
My experience is rather limited with Check Point, but I've been considering using Websense or similar here. Whether or not management agrees is another story entirely. As a work around we've got logging enabled for http and https and a cross-reference file which gives us username vs hostname on the inside. That way with Tracker we can filter by a period of time (say a week) and find anything people should or shouldn't be doing.
HTH |