https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160842#M28390 <P>We put in a selective bypass based on user role as the source and sharefile services as the destination for the HTTPS Bypass, but traffic is still being inspected for what appears to be cloudfront, so that looks to be the real culprit here.&nbsp; However, there are a lot of cloudfront services under AWS, not really sure which ones would specifically correspond to sharefile.</P> Mon, 31 Oct 2022 15:25:16 GMT Gregory_Link 2022-10-31T15:25:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160689#M28370 <P>We utilize Citrix Sharefile for large file uploads and sharing.&nbsp; We are running into issues where it looks like traffic is being inspected going to sharefile CDN hosted in Cloudfront doesn't like the traffic being inspected and is killing the upload around ~90MB if the file is larger than that but sharefile supports much larger files.&nbsp; There doesn't appear anyway to bypass the traffic by domain effectively and there aren't any updatable objects for me to utilize for sharepoint.&nbsp; Attached screenshot of inspected traffic.&nbsp; We have bypassed&nbsp;<STRONG>storage-cf-us.sharefile.com</STRONG> and <STRONG>*.storage-cf-us.sharefile.com</STRONG> but it doesn't seem to have any effect.</P><P>Any advise here on getting this working how we want it.&nbsp; We don't want to bypass all sharefile traffic because we have specific rules on sharefile upload and download to restrict user groups, but I would think there would be a better way to address this.</P> Fri, 28 Oct 2022 15:58:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160689#M28370 Gregory_Link 2022-10-28T15:58:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160815#M28382 <P>Please use Citrix updatable object in the exclusion rule, as described in&nbsp;<SPAN>sk131852.&nbsp;</SPAN></P> Mon, 31 Oct 2022 11:53:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160815#M28382 _Val_ 2022-10-31T11:53:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160842#M28390 <P>We put in a selective bypass based on user role as the source and sharefile services as the destination for the HTTPS Bypass, but traffic is still being inspected for what appears to be cloudfront, so that looks to be the real culprit here.&nbsp; However, there are a lot of cloudfront services under AWS, not really sure which ones would specifically correspond to sharefile.</P> Mon, 31 Oct 2022 15:25:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160842#M28390 Gregory_Link 2022-10-31T15:25:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160922#M28406 <P>This is a tricky one. I had same issue with customer last year for a different sharefile product and we must have spent 3-4 months with escalation team working on it and finally got it going, but I am trying to remember how we did it. I know we ended up adding bunch of custom application site objects in the category column of the https inspection policy.&nbsp;</P> <P>Happy to do remote and help you out. Im certain I would be able to figure it out.</P> Tue, 01 Nov 2022 14:19:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Inspection-Causing-issues-with-Citrix-Sharefile-Uploads/m-p/160922#M28406 the_rock 2022-11-01T14:19:34Z