https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246077#M47959 <P>Thank you <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8345">@Tom_Hinoue</a> ! Good to know we're not alone. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Going to DM in a second.</P> Wed, 09 Apr 2025 17:00:07 GMT Teddy_Brewski 2025-04-09T17:00:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128026#M18610 <P>Hey everyone,</P> <P>&nbsp;</P> <P>I hope someone can shed some light on this and provide some suggestions : ). So, here is the situation.</P> <P>Customer has R81 mgmt and R80.40 jumbo 120 HA cluster. All works fine, but for some odd reason, with https inspection enabled, pages are blocked as per desired categories, BUT, user check block page seems to work super random. So say you go to gambling site, it gets blocked on chrome, but not on safari on mac...then on windows, its also very random, really depends site you go to if blocked page notification comes up or not.</P> <P>We verified all the rules, logs show correct action and categories, so Im really not sure how to troubleshoot this. We do have TAC case, but wanted to do proper testing myself first.</P> <P>&nbsp;</P> <P>Not sure if this info is worth much, but say if you try facebook.com, it simply shows connection was reset, yet log shows facebook is blocked according to right rule.&nbsp;</P> <P>&nbsp;</P> <P>If someone could give any suggestions/guidance on this, would be greatly appreciated!!</P> <P>&nbsp;</P> <P>Thanks as always.</P> Thu, 26 Aug 2021 00:21:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128026#M18610 the_rock 2021-08-26T00:21:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128028#M18611 <P>All of that sounds like some pages are NOT getting HTTPS Inspection applied as&nbsp;that is required for the block page to show up.<BR />If HTTPS Inspection isn't enabled, or isn't happening for some reason, the only option to block a connection is a TCP RST.</P> Thu, 26 Aug 2021 01:20:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128028#M18611 PhoneBoy 2021-08-26T01:20:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128029#M18612 <P>I agree with you 100%, but the question is why...any good approach to this behavior?</P> <P>&nbsp;</P> <P>Thanks as always.</P> Thu, 26 Aug 2021 01:30:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128029#M18612 the_rock 2021-08-26T01:30:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128032#M18614 <P>If it were me, I'd probably be looking at debugging wstlsd.<BR />TAC may have some other suggestions as well.<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105559&amp;partition=Advanced&amp;product=HTTPS" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105559&amp;partition=Advanced&amp;product=HTTPS</A></P> Thu, 26 Aug 2021 01:39:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128032#M18614 PhoneBoy 2021-08-26T01:39:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128033#M18615 <P>That sounds good...I may call into TAC tomorrow to see if they have any other suggestions. Tx!</P> <P>&nbsp;</P> <P>A.</P> Thu, 26 Aug 2021 01:41:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/128033#M18615 the_rock 2021-08-26T01:41:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246059#M47955 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/38213">@the_rock</a>&nbsp;</P><P>Do you recall any tips from TAC?</P><P>We're experiencing the same(?) issue with 1555 SMB appliances running R81.10.17 (996004508) with <SPAN class="">Application Control</SPAN> and <SPAN class="">URL Filtering blades</SPAN> enabled.&nbsp; HTTPS Inspection is not enabled, but we do have "Categorize HTTPS websites" checked.</P><P>Accessing http websites that fall into a blocked category results in a blocked page -- no issues here.</P><P>Accessing the same website over https doesn't produce the blocked page, but rather Connection Reset error in the browser. Also, there is some random behavior observed when nothing is blocked with certain browsers.</P><P>Logs do show correct action and category.</P><P>Thanks!</P><P>&nbsp;</P> Wed, 09 Apr 2025 13:18:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246059#M47955 Teddy_Brewski 2025-04-09T13:18:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246061#M47956 <P>This was a while ago, but I remember it worked fine after R81 upgrade, no issues. I would say you definitely need ssl inspection on for this to work right.</P> <P>Andy</P> Wed, 09 Apr 2025 13:25:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246061#M47956 the_rock 2025-04-09T13:25:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246066#M47958 <P>For locally managed SMBs, we have confirmed this issue occurs in R81.10.15/R81.10.17 and a SR is opened to TAC.<BR />A hotfix should be available now for this issue, so if interested open a case to TAC and they should be able to assist <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR />If you need the SR number, you can DM me and I will be happy to help.</P> Wed, 09 Apr 2025 14:10:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246066#M47958 Tom_Hinoue 2025-04-09T14:10:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246077#M47959 <P>Thank you <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8345">@Tom_Hinoue</a> ! Good to know we're not alone. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Going to DM in a second.</P> Wed, 09 Apr 2025 17:00:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246077#M47959 Teddy_Brewski 2025-04-09T17:00:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246079#M47960 <P>gotcha. Will reply in DM regarding what I know.</P> Wed, 09 Apr 2025 17:35:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246079#M47960 Tom_Hinoue 2025-04-09T17:35:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246084#M47961 <P>To show a block page, we need to issue an HTTP Redirect to the UserCheck portal.<BR />For HTTPS connections, this is impossible to do unless&nbsp;HTTPS Inspection is enabled.</P> Wed, 09 Apr 2025 19:44:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246084#M47961 PhoneBoy 2025-04-09T19:44:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246091#M47962 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/26978">@Teddy_Brewski</a>&nbsp;What&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;said is 100% correct. Think of the fw as MITM (man in the middle) in this case...if ssl inspection is off, there is literally nothing to "intercept".</P> <P>Andy</P> Wed, 09 Apr 2025 21:24:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246091#M47962 the_rock 2025-04-09T21:24:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246092#M47963 <P>On another note, but in the same context, check out what&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/181">@_Val_</a>&nbsp;said on November 23rd, 2021 in below post, its perfect explanation.</P> <P>Andy</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Categorize-HTTPS-Websites/m-p/134729/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufEtXQzJBQUFSS0w3WDNXfDEzNDcyOXxTVUJTQ1JJUFRJT05TfGhL#M20231" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/Categorize-HTTPS-Websites/m-p/134729/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufEtXQzJBQUFSS0w3WDNXfDEzNDcyOXxTVUJTQ1JJUFRJT05TfGhL#M20231</A></P> Wed, 09 Apr 2025 21:28:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-block-page-issue/m-p/246092#M47963 the_rock 2025-04-09T21:28:19Z