CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 10 of 10

Thread: Blocking images (Google, Craigslist etc)

  1. #1
    Join Date
    2007-05-25
    Posts
    207
    Rep Power
    13

    Default Blocking images (Google, Craigslist etc)

    Hello,

    Does anyone know how to block images from sites like google and craigslist ?

    We would like to allow our users to get to these sites just not be able to see questionable images.

    Thanks.

    -pat

  2. #2
    Join Date
    2007-05-25
    Posts
    207
    Rep Power
    13

    Default Re: Blocking images (Google, Craigslist etc)

    Quote Originally Posted by pat13b View Post
    Hello,

    Does anyone know how to block images from sites like google and craigslist ?

    We would like to allow our users to get to these sites just not be able to see questionable images.

    Thanks.

    -pat
    I forgot to mention we are at R77.20.

    I also forgot to add, that checking the box "safe Search" in the engines settings does absolutely nothing either.

    I'm sure there are many Companies with policies against searching porn within Google and Craigslist etc.

    I'll be opening a case to see where that takes me.

    I have to say I'm a bit disappointed in Check Point with the IA and application url filtering. The IA does not work with Aruba wireless using cert based authentication.
    (Hopeful for a new release coming out soon I'm hearing anyway) and now this problem.

    -pat

  3. #3
    Join Date
    2007-06-04
    Posts
    3,303
    Rep Power
    17

    Default Re: Blocking images (Google, Craigslist etc)

    Do you have HTTPS Inspection enabled?

    SafeSearch setting only works where HTTPS Inspection is enabled.

    Had a ticket with a customer where the Google Images displayed as a thumbnail however if you clicked on then wouldn't display properly.

    Was after Google went to HTTPS.

    Once HTTPS Inspection was enabled then the Thumbnails didn't even display.

    As a quick test try Bing. Bing actually displays the images from a different URL explicit.bing.com and so the images are blocked anyway whereas Google serves the Thumbnail up from google.com so isn't blocked.

    That worked for our customer.

    With the Aruba Wireless and Cert Based Authentication then is it generating the necessary logs in the AD Servers to identify the users and the IA to read the event/logs of the user logging in, or is that the Users all seen from the same IP.

  4. #4
    Join Date
    2007-05-25
    Posts
    207
    Rep Power
    13

    Default Re: Blocking images (Google, Craigslist etc)

    Intresting. Thanks very much for your reply.

    No we don't have HTTPS inspection turned on. The organization wouldn't allow the certs to be pushed to the user's laptops and PCs.

    My understanding is that a cert needs to be generated and put on each device in the organization? Unless there are any short cuts that I can do at the gateway by passing the need to touch everyone's device.

    The Aruba thing has something to do with the login authen being done on the controller and not passing creds each time to the AD servers. Once the original on-board cert is authenticated to AD, then requests after just go to the Aruba controller. It looks like an Aruba and Check Point compatibility thing.

    -pat

  5. #5
    Join Date
    2005-08-29
    Location
    Upstate NY
    Posts
    2,720
    Rep Power
    17

    Default Re: Blocking images (Google, Craigslist etc)

    Quote Originally Posted by pat13b View Post
    My understanding is that a cert needs to be generated and put on each device in the organization? Unless there are any short cuts that I can do at the gateway by passing the need to touch everyone's device.
    Not really unless you are OK with an untrusted certificate waring at the client end.

    The Aruba thing has something to do with the login authen being done on the controller and not passing creds each time to the AD servers. Once the original on-board cert is authenticated to AD, then requests after just go to the Aruba controller. It looks like an Aruba and Check Point compatibility thing.
    If you are using AD Log Query, until there is a log of the login we cannot detect it.
    If you are using the IDA agent this isn't an issue as it proxies the auth.

  6. #6
    Join Date
    2007-05-25
    Posts
    207
    Rep Power
    13

    Default Re: Blocking images (Google, Craigslist etc)

    Quote Originally Posted by chillyjim View Post
    Not really unless you are OK with an untrusted certificate waring at the client end.



    If you are using AD Log Query, until there is a log of the login we cannot detect it.
    If you are using the IDA agent this isn't an issue as it proxies the auth.

    Thanks for clarifying Jim.

    My understanding from our Check Point Team, is that Check Point and Aruba are working together on the IA aspect. Aruba will work with direct integration with Palo Alto and Identity awareness (User-ID)
    Hopefully both these Companies have a working relationship.

    -pat

  7. #7
    Join Date
    2010-11-01
    Posts
    18
    Rep Power
    0

    Default Re: Blocking images (Google, Craigslist etc)

    Doesn't Browser Transparent Single Sign-On work for this IA scenario?

  8. #8
    Join Date
    2005-08-29
    Location
    Upstate NY
    Posts
    2,720
    Rep Power
    17

    Default Re: Blocking images (Google, Craigslist etc)

    Quote Originally Posted by AveJoe View Post
    Doesn't Browser Transparent Single Sign-On work for this IA scenario?
    It should.

    ADQ as it works today doesn't. PAN is agent based (not a client agent but server agent) so it functions a little different. I do know there if more flexibility coming due to changes in 2012 server AD but I really haven't followed them closely.

    Then again there are many big usability changes coming RSN.

  9. #9
    Join Date
    2007-05-25
    Posts
    207
    Rep Power
    13

    Default Re: Blocking images (Google, Craigslist etc)

    The portal was an option we presented but management does not want the user to have to sign in twice. Once with AD and then a second login for the Check Point portal.

    I heard today that Check Point and Aruba are working together to resolve this. Not sure of details but its good news.

    -pat

  10. #10
    Join Date
    2005-08-29
    Location
    Upstate NY
    Posts
    2,720
    Rep Power
    17

    Default Re: Blocking images (Google, Craigslist etc)

    There is a "transparent" portal if the user is using a browser that supports AD-Krborose. Then only users that do not have a KRB ticket are asked to sign in. Interm option until the Aruba stuff is worked out.

Similar Threads

  1. Blocking Google Analytics
    By onehet in forum Application Control Blade
    Replies: 4
    Last Post: 2014-02-07, 00:43
  2. File Path for Backups and Images
    By dbrown3611 in forum Check Point UTM-1 Appliances
    Replies: 6
    Last Post: 2013-10-17, 14:42
  3. Checkpoint Firewall Manager - two images
    By oharek in forum Advanced
    Replies: 5
    Last Post: 2013-09-27, 16:37
  4. deleting old images/snapshots?
    By jmcgrady in forum Installing And Upgrading
    Replies: 1
    Last Post: 2012-08-24, 05:16
  5. Web pages or images on the page do not load properly.
    By Emperor in forum Mobile Access Blade (Formerly Connectra)
    Replies: 0
    Last Post: 2012-06-28, 13:32

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •