topic Re: HTTPS Inspection Bypass in Firewall and Security Management

HTTPS Inspection Bypass

CaseyB — Thu, 01 Aug 2024 14:02:33 GMT

Running into an issue where I need to bypass HTTPS inspection (R81.10 JHF 150); however, this is the URL:

https://eka-prod-xxx.s3-eu-west-1.amazonaws.com - xxx is the wildcard. Is there a good way to handle this?

The full URL in this case ended up being:

eka-prod-survey-binaries-active-bucket-e1lw1wtq8m9jg38i.s3.eu-west-1.amazonaws.com

Re: HTTPS Inspection Bypass

the_rock — Thu, 01 Aug 2024 14:23:02 GMT

I just tested in the lab and worked fine, added to bypass rule like below.

Andy

Re: HTTPS Inspection Bypass

CaseyB — Thu, 01 Aug 2024 15:41:25 GMT

https://eka-prod-xxx.s3-eu-west-1.amazonaws.com/ isn't the actual URL it is using though, XXX is a placeholder for numerous other names.

I could add the highlighted URL to resolve the issue, but that section is dynamic and will be something else later. That's why I need to be able to do some sort of wildcard for the XXX portion of https://eka-prod-xxx.s3-eu-west-1.amazonaws.com/.

Re: HTTPS Inspection Bypass

the_rock — Thu, 01 Aug 2024 15:50:15 GMT

Easy peasy...just add *eka-prod* as wild card, thats what I did, no issues.

Andy

Re: HTTPS Inspection Bypass

CaseyB — Thu, 01 Aug 2024 16:12:49 GMT

Ah, perfect, thanks! I forgot about the * wildcard option within custom Application/Site.

Re: HTTPS Inspection Bypass

the_rock — Thu, 01 Aug 2024 16:14:29 GMT

All good...we are here to help 🙂

Andy

Re: HTTPS Inspection Bypass

PhoneBoy — Fri, 16 Aug 2024 19:42:54 GMT

For run (and research purposes), I asked AI Copilot this question.
Here's a more verbose answer:

To handle bypassing HTTPS inspection for URLs with wildcards, such as the one you provided, you can use the following approach:

Solution: Bypass HTTPS Inspection Using Wildcards

Create a Custom Application/Site Object:
- Open SmartConsole.
- Go to Security Policies.
- Click on Application/Site under Shared Objects.
- Click New > Application/Site.
- Name the object (e.g.,AmazonS3Wildcard).
- In the URL field, enter the wildcard URL:*.s3.eu-west-1.amazonaws.com.
- Click OK to save the object.
Create an HTTPS Inspection Bypass Rule:
- In SmartConsole, go to Security Policies.
- Click on HTTPS Inspection > Policy.
- Add a new rule at the top of the policy:
  - Name: Bypass Amazon S3
  - Source: Any (or specify the relevant source if needed)
  - Destination: Add theAmazonS3Wildcardobject created earlier.
  - Services: HTTPS (or specify the relevant HTTPS services)
  - Action: Bypass
- Click OK to save the rule.
Install the Policy:
- Install the Access Control policy to apply the changes.

Example Rule Configuration

Source	Destination	Services	Action
Any	AmazonS3Wildcard	HTTPS	Bypass

Important Notes:

Wildcard Handling: Ensure that the wildcard pattern correctly matches the URLs you intend to bypass.
Policy Order: Place the bypass rule at the top of the HTTPS Inspection policy to ensure it is matched before other rules.
Testing: After applying the policy, test accessing the URL to confirm that the bypass is working as expected.

By following these steps, you should be able to bypass HTTPS inspection for URLs with wildcards effectively. If you encounter any issues, please refer to the relevant Check Point documentation or contact Check Point support for further assistance.

BE AWARE

Important - To prevent negative impact on your production environment, double-check the provided information in the Administration Guide for the involved product.

Learn more: