https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18457#M3200 <HTML><HEAD></HEAD><BODY><P>Hi dameon,</P><P></P><P>yeah i wasn’t sure if I could treat Gaia like any other Linux box and update the cert store then find out TAC won’t support me anymore&nbsp;&nbsp; </P><P></P><P>got to say... arrgghh... I didn’t realise you could exclude ssl inspection so I’ll google that but I’m not too sure what the targets are for the azure API&nbsp;</P><P></P><P>really appreciate the help - I’ll post up any solution I find that works for me too!!!&nbsp;&nbsp; </P></BODY></HTML> Tue, 20 Nov 2018 19:48:05 GMT Nicholas_Sherid 2018-11-20T19:48:05Z https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18455#M3198 <HTML><HEAD></HEAD><BODY><P>Hi forum,</P><P></P><P>My azure integreation failed recently and I think it relates to the Managment Servers Azure HTTP calls being routed through the firewall that's doing the SSL inspection.&nbsp; So I am expecting the SSL validation to fail as the Management server lacks the root certificate in it's trust store to verify the firewall masquerading as microsoft to be geniune.</P><P></P><P>Anyone had this?&nbsp; I will start digging deeper but I just wanted to run it past you guys - thanks!</P><P></P><P>Nik</P></BODY></HTML> Tue, 20 Nov 2018 16:01:55 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18455#M3198 Nicholas_Sherid 2018-11-20T16:01:55Z https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18456#M3199 <HTML><HEAD></HEAD><BODY><P>My first guess would be that you&nbsp;need to exclude the management from HTTPS Inspection.</P><P>There may be another way to achieve this (for example add the CA key to the root store used by the CloudGuard Controller).</P><P>Will check.</P></BODY></HTML> Tue, 20 Nov 2018 19:22:41 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18456#M3199 PhoneBoy 2018-11-20T19:22:41Z https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18457#M3200 <HTML><HEAD></HEAD><BODY><P>Hi dameon,</P><P></P><P>yeah i wasn’t sure if I could treat Gaia like any other Linux box and update the cert store then find out TAC won’t support me anymore&nbsp;&nbsp; </P><P></P><P>got to say... arrgghh... I didn’t realise you could exclude ssl inspection so I’ll google that but I’m not too sure what the targets are for the azure API&nbsp;</P><P></P><P>really appreciate the help - I’ll post up any solution I find that works for me too!!!&nbsp;&nbsp; </P></BODY></HTML> Tue, 20 Nov 2018 19:48:05 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18457#M3200 Nicholas_Sherid 2018-11-20T19:48:05Z https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18458#M3201 <HTML><HEAD></HEAD><BODY><P>Hi Nicholas,</P><P></P><P>I am not 100% sure, but could you check if the Mng Server is conneting to management.azure.com&nbsp; for the Azure Integration ? May be <SPAN style="font-family: Courier New;">login.windows.net</SPAN>&nbsp;is also used</P><P></P><P>Best Regards</P><P></P><P>Matthias</P></BODY></HTML> Wed, 21 Nov 2018 12:48:07 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18458#M3201 Matthias_Haas 2018-11-21T12:48:07Z https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18459#M3202 <HTML><HEAD></HEAD><BODY><P>Just to come back to this thread, you should be able to add the relevant HTTPS Inspection certificate to&nbsp;$CPDIR/conf/ca-bundle-public-cloud.crt on the gateway.</P><P>Then execute <STRONG>vsec stop; vsec start</STRONG> to activate it.</P></BODY></HTML> Wed, 16 Jan 2019 00:59:37 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18459#M3202 PhoneBoy 2019-01-16T00:59:37Z https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18460#M3203 <HTML><HEAD></HEAD><BODY><P><A href="https://community.checkpoint.com/migrated-users/2075">Dameon Welch-Abernathy</A>‌ thanks - I'll give that a shot and advise! <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Wed, 16 Jan 2019 08:43:06 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Does-SSL-Inspection-Affect-Azure-Integration/m-p/18460#M3203 Nicholas_Sherid 2019-01-16T08:43:06Z