https://community.checkpoint.com/t5/Firewall-and-Security-Management/Azure-AD-application-proxy-and-HTTPS-Inspection/m-p/149433#M23956 <P>R81.10 Take 45, 5000 series appliance, non-VSX.</P><P>&nbsp;</P><P>The customer has been evaluating this service from Microsoft.</P><P>&nbsp;</P><P><A href="https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy" target="_blank" rel="noopener">Remote access to on-premises apps - Azure AD Application Proxy | Microsoft Docs</A></P><P>Everything works fine until HTTPS Inspection is turned on. From that moment, the rendering of applications becomes inconsistent with screen freezes, lag and so on. Unchecking HTTPS Inspection clears this.</P><P>Nothing is actually inspected as HTTPS Inspection is also being evaluated so the only initial actions were first to activate the service with a single rule any/any/any bypass upon which rules would be built. In the logs, all HTTPS traffic is shown as bypassed and all other HTTPS applications continue working.</P><P>The certificate has been regenerated, CA list updated, SecureXL off/on, failover, reboot, tried Ongoing Take 55, same result.</P><P>wstlsd.elg and drops debugs on traffic don't show any issues.</P><P>I wonder if anyone would have any hint on what else to check.</P> Wed, 25 May 2022 11:14:02 GMT Alex- 2022-05-25T11:14:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Azure-AD-application-proxy-and-HTTPS-Inspection/m-p/149433#M23956 <P>R81.10 Take 45, 5000 series appliance, non-VSX.</P><P>&nbsp;</P><P>The customer has been evaluating this service from Microsoft.</P><P>&nbsp;</P><P><A href="https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy" target="_blank" rel="noopener">Remote access to on-premises apps - Azure AD Application Proxy | Microsoft Docs</A></P><P>Everything works fine until HTTPS Inspection is turned on. From that moment, the rendering of applications becomes inconsistent with screen freezes, lag and so on. Unchecking HTTPS Inspection clears this.</P><P>Nothing is actually inspected as HTTPS Inspection is also being evaluated so the only initial actions were first to activate the service with a single rule any/any/any bypass upon which rules would be built. In the logs, all HTTPS traffic is shown as bypassed and all other HTTPS applications continue working.</P><P>The certificate has been regenerated, CA list updated, SecureXL off/on, failover, reboot, tried Ongoing Take 55, same result.</P><P>wstlsd.elg and drops debugs on traffic don't show any issues.</P><P>I wonder if anyone would have any hint on what else to check.</P> Wed, 25 May 2022 11:14:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Azure-AD-application-proxy-and-HTTPS-Inspection/m-p/149433#M23956 Alex- 2022-05-25T11:14:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Azure-AD-application-proxy-and-HTTPS-Inspection/m-p/149458#M23963 <P>Hey,</P><P>&nbsp;</P><P>Based on this "<SPAN>From that moment, the rendering of applications becomes inconsistent with screen freezes, lag and so on. Unchecking HTTPS Inspection clears this.</SPAN>" an not knowing exactly what model of appliance you have, I could say you are seeing/hitting an appliance limitation.&nbsp;</P><P>Could it also be that the application you try to access through the Azure APP Proxy, requires some extra accesses/resources that are not allowed ?!?!?! Try with an simple app and see what you get .</P><P>&nbsp;</P><P>The application freeze is when you try to reach from outside an internal application through Azure App Proxy?</P><P>How about the performance for browsing from inside to outside - that passes also through the same GW so you could clearly see and pinpoint the GW .</P><P>&nbsp;</P><P>Thank you,</P><P>&nbsp;</P> Wed, 25 May 2022 15:27:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Azure-AD-application-proxy-and-HTTPS-Inspection/m-p/149458#M23963 Sorin_Gogean 2022-05-25T15:27:53Z