Print Download Documentation Send Feedback

Previous

Next

TCP - UFP

What can I do here?

Use this window to configure the UFP properties of a URI Resource.

Getting Here

Getting Here - Object Explorer > New > Resource > TCP > UFP

TCP - Understanding UFP

UFP servers are OPSEC certified third party applications that check URLs against a list of permitted categories to determine whether or not access to that URL should be allowed.

When a user requests a URL, the Security Gateway determines if the UFP server must be used. If a UFP server is used, the connection is held until the Firewall determines if the connection is permitted.

This window specifies how a connection is matched to the Resource in a rule. If a connection matches the source and destination of the rule and the match parameters of the Resource, then both the Action in the Rule and the Action in the Resource are applied.

UFP Options

Tell me about the fields...

Caching Option

Description

No caching

UFP caching is disabled

Security Gateway (One Request)

UFP caching is controlled by the Check Point Security Gateway. This option disables the second, IP-based UFP request, thereby increasing performance. With this option the security server caches the UFP server's reply to a CAT (category) request.

Security Gateway (Two Request)

UFP caching is controlled by the Check Point Security Gateway, and enables the second, IP-based UFP request, thereby increasing cache integrity. With this option the security server sends a second CAT (category) request with the IP address acting as the URL address, after receiving a reply from the first CAT request.

UFP Server

The UFP server controls UFP caching. With this option the security server will cache a URL and mask sent by the UFP server in a cache_info format.