https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/213863#M40777 <P>I should have clarified...if you have separate urlf ordered layer, thats where I would create the rule.</P> <P>Andy</P> Fri, 10 May 2024 16:01:50 GMT the_rock 2024-05-10T16:01:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/213834#M40769 <P>Can I create a Security Rule to allow HTTPS to a specific Domain and totally bypass HTTPS inspection for a particular URL, rather than creating a Bypass Action rule in the HTTPS Inspection Policy ?<BR /><BR />I want to permit access to a particular external URL without the possibility of HTTPS inspection doing something.&nbsp; We have had several instances recently where the Bypass action rule has stopped working, leading to all of the traffic being inspected, which then breaks access to the external website.<BR /><BR />I found that I needed to re-push the policy with Threat Prevention ticked in order to get the Bypass Action rules to start working again</P> Fri, 10 May 2024 10:38:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/213834#M40769 championc1 2024-05-10T10:38:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/213843#M40774 <P>Well, you can create a rule allowing access to that domain using say domain object or custom url object, as long as you have urlf blade enabled in network layer. I cant guarantee that would work, but you can certainly give it a go.</P> <P>Andy</P> Fri, 10 May 2024 11:51:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/213843#M40774 the_rock 2024-05-10T11:51:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/213863#M40777 <P>I should have clarified...if you have separate urlf ordered layer, thats where I would create the rule.</P> <P>Andy</P> Fri, 10 May 2024 16:01:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/213863#M40777 the_rock 2024-05-10T16:01:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/214043#M40859 <P>Yes, that's why we have an HTTPS Inspection policy.<BR />However, the decision to bypass inspection cannot be made on a full URL, but only on a specific host.<BR />The reason: most web connections are HTTPS and access to the URL requires full HTTPS Inspection (the very thing you're trying to avoid).<BR />If you use an App Control category or Custom Application/Site in your policy, this requires App Control.</P> <P>A screenshot of your actual HTTPS Inspection policy might be helpful along with version/JHF information.</P> Mon, 13 May 2024 14:57:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/214043#M40859 PhoneBoy 2024-05-13T14:57:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/214044#M40860 <P>Good points!</P> Mon, 13 May 2024 15:00:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-I-totally-bypass-HTTPS-inspection-for-a-particular-URL/m-p/214044#M40860 the_rock 2024-05-13T15:00:12Z