https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207721#M39332 <P>Sounds like you did it properly. Personally though, I ALWAYS use wildcard for https bypass, ie *printing.post.de*, Im sure that would work. If you give it a go, you can test, something like below screnshot</P> <P>Best,</P> <P>Andy</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24723iC094A1BA2D1B56BD/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P> </P> Mon, 04 Mar 2024 12:49:11 GMT the_rock 2024-03-04T12:49:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207701#M39328 <P>hi there,</P><P>&nbsp;</P><P>i've created an exclusion for a website like printing.post.de. To do this i went to HTTPS Inspection Blade, created a policy. As Source i chose an Access Role. Theres an Active Directory Group behind it.</P><P>As Destination i created an Object "domain" like .printing.post.de. Action is "Bypass". Saved and installed.</P><P>It works like this for almost all users but one. Theres one user, thats also part of the AD Group, that triggers the HTTPS inspection.</P><P>The website isnt working for that user and i can see that the site is inspected in the logfiles</P><P>There are no known differences between that user and all the others</P><P>&nbsp;</P><P>Any hints?&nbsp;</P><P>&nbsp;</P><P>regards</P> Mon, 04 Mar 2024 09:22:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207701#M39328 SWBW_Florian 2024-03-04T09:22:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207721#M39332 <P>Sounds like you did it properly. Personally though, I ALWAYS use wildcard for https bypass, ie *printing.post.de*, Im sure that would work. If you give it a go, you can test, something like below screnshot</P> <P>Best,</P> <P>Andy</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24723iC094A1BA2D1B56BD/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P> </P> Mon, 04 Mar 2024 12:49:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207721#M39332 the_rock 2024-03-04T12:49:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207741#M39334 <P>Note that this can match more sites than you might expect. Among other things, it would match printing.post.de.virusbiz.ru.</P> <P>I posted <A href="https://community.checkpoint.com/t5/Security-Gateways/Custom-Application-Site-Findings/m-p/179606" target="_self">an analysis of what a custom application/site object matches</A> a little under a year ago.</P> Mon, 04 Mar 2024 14:40:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207741#M39334 Bob_Zimmerman 2024-03-04T14:40:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207744#M39335 <P>Thats very true, agree. Thats a danger in using those I suppose, though personally, I never had an issue.</P> <P>Best,</P> <P>Andy</P> Mon, 04 Mar 2024 14:42:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/207744#M39335 the_rock 2024-03-04T14:42:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/223824#M42957 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/38213">@the_rock</a>&nbsp;,</P><P>today i tried to cleanup our smartconsole a bit. We use at the moment single domains for those httpsi rules, and not an application group</P><P>i created now an Application&nbsp; (httpsi Whitelist)and added some websites there</P><P>i then created a new rule with "source" as computergroup, Destination internet and category&nbsp;"httpsi Whitelist". Action bypass. very similar to your screenshot</P><P>But it wont work. Websites are inspected, though. Is there anything else needed for this?</P><P>it looks like attached. IT consists of our IT Department computers. the whitelist contains only one website with no special setups</P><DIV class="">&nbsp;</DIV><P>thanks in advance</P> Fri, 16 Aug 2024 06:55:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/223824#M42957 SWBW_Florian 2024-08-16T06:55:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/223844#M42965 <P>Here is the key. You need to ensure those sites are ALLOWED in urlf layer, as per my post below. Im positive if you do that, it will work. I had R80.30, R80.40 lab, now I have R81.20 and R82 ssl inspection lab, never an issue.</P> <P>Andy</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Https-inspection-lab-guide/m-p/214429#M40929" target="_blank">Https inspection lab guide - Check Point CheckMates</A></P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Https-inspection-tip/m-p/219139" target="_blank">Https inspection tip - Check Point CheckMates</A></P> Fri, 16 Aug 2024 12:32:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-Inspection-despite-exclusion/m-p/223844#M42965 the_rock 2024-08-16T12:32:49Z