We're using Websense for URL filtering and moving to Checkpoint advanced blade for filtering. I'm planning to enable Application and URL filtering on a Checkpoint security gateway and disable URL filtering on Websense server. I have a procedure on setting up the required URL filtering policies and creating required applications/Sites for monitoring.
My question is, would enabling Application and URL filtering on Checkpoint start filtering the URL? or does it require a special rule on firewall? There is already a rule in place for outbound internet traffic.
I guess as firewall is hit first, enabling URLF should start filtering internet traffic before it reaches Websense server.
Thanks in advance
URL filtering can still work as in the filtering in legacy and likewise it also need to be enabled. For legacy URL Filtering on Security Gateway versions earlier than R75.20, you will do it on the Firewall tab, double-click the required Security Gateway network object. Go into Other > More Settings and enable Legacy URL Filtering. This is its working in summary But be wary of the legacy setting as below https://sc1.checkpoint.com/documents/R77/CP_R77_ApplicationControlURLFiltering_WebAdminGuide/73834.htm#o103281
In CP, for URL filtering, the main flow is to go to the local cache to see if the data is already there. If the category data is not in the cache, it checks the local database for the URL category. And specifically for application control and URL filtering, if the URL is suspected to be a widget or the category data is not in the cache, the CP gateway will access the Check Point Online Web Service too provided it is online accessible.
But do note, the below for App & URL filtering You can find reference online in https://sc1.checkpoint.com/documents/R76/CP_R76_AppControl_WebAdmin/60902.htm