Saturday, May 28, 2016

Check Point 1140 Identity (User) Awareness

There's still time left to test my Check Point 1140 before the Software Blade licenses expires. I'll be trying the Identity Awareness feature on this firewall.


The Application & URL Filtering Software Blade must be enabled to work in conjunction with Identity Awareness. Go to Access Policy tab > Blade Control > Application & URL Filtering > On > Apply.


To activate Identity (User) Awareness, either click Configure on User Awareness under Access Policy tab or go to Users & Objects > User Awareness > On. Click on the Configuration wizard.


Click Browser-Based Authentication (which is a Captive Portal authentication). These are common in a cafe and hotel wifi hotspot registration.


Tick Block unidentified users when the captive portal is not possible. This will redirect any users who wants to access the Internet to the captive portal to register first.


You can customize the captive portal by putting an Acceptable Use Policy (AUP) and uploading a company logo.




I've created local users (and a Group) for testing since an AD server isn't available in my lab.



You can have the option to put the users in a User Group.



You'll see this error message on the web browser since we haven't accepted yet the firewall's self-signed certificate. A new self-signed cert is generated each time the firewall reboots. To avoid this scenario, a Public Key Infrastructure (PKI) or a trusted third party CA (i.e. Verisign, GoDaddy, etc.) should be used. Click


Tick I have read and agreed to the terms and conditions and click Next. Login using the local users created on the firewall's database.



You'll see the created AUP disclaimer if you click on the terms and conditions hyperlink.


To verify logs, go to Logs & Monitoring > Security Logs and look for Identity Awarness logs under the Blade column.




I also tried the Identity Awareness/captive portal from my iPhone (login as Sophia).








Friday, May 20, 2016

Check Point 1140 Application Control & URL Filtering

I still haven’t fully activated my Check Point 1140 online yet and got some few days left before the Software Blade trial license expires. You can check the Software Blade license status under Home tab and select License. So I started testing the Application Control & URL Filtering feature on this appliance.



To activate Application Control & URL Filtering, go to Access Policy tab > Blade Control > click On under Application & URL Filtering. The Block security risk categories was already selected by default so I ticked Block inappropriate content and Block file sharing applications and then clicked Apply.
 


After the Applications & URL Filtering was enabled (On), an update became available. I clicked Update now to get the latest update from Check Point’s database. The update took around 4 minutes and you’ll see the status changed from Updating to Up to date.
 







I went through some “illegal” websites and got a Page Blocked error saying that access to the site is not permitted. It also indicates which category the website falls under and that the page blocking was due the Application Control feature.
 




I also tried to Block other undesired application such as Blogger, eBay and Facebook.
 





To verify Application Control & URL Filtering is working, go to Logs & Monitoring tab (look under the Blade column) and double-click the selected log in order to view more details.
 









I also tried to the Limit bandwidth consuming applications and set 1 Kbps for both Download and Upload. The High Bandwidth, P2P File Sharing, Media Sharing and Media Streams were already added by default.




I tried watching a video on Youtube but it only kept on loading. The configured 1 Kbps Download/Upload limit made it impossible for the video to stream properly.
 

I also tested on my iPhone and got the same results from the applied Application Control & URL Filtering policies.




Another cool thing about Application Control and & URL Filtering is the monitoring capability. Go to Logs & Monitoring > Monitoring and/or Reports.