https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96674#M78485 <P>So there is priority<BR />That is, I must first set the IP before setting up the application?</P><P>Does this have the documentation?</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 14 Sep 2020 02:27:36 GMT Chou_YiHsien 2020-09-14T02:27:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96542#M78482 <P>Hi Everyone,</P><P>&nbsp;</P><P>I have a question.</P><P>I set 2 policies on R80.40 HTTPS inspection.</P><P>1.src:any ,dst:google service , service port:443&nbsp;</P><P>2.src:any , dst:xx.xx.xx.xx , service port:443</P><P>Why is there no effect if the IP is placed in the second policy?<BR />If you put the IP in the first one, it will be applied normally?</P> Fri, 11 Sep 2020 06:46:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96542#M78482 Chou_YiHsien 2020-09-11T06:46:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96553#M78483 <P>How do you mean, no effect?</P> Fri, 11 Sep 2020 09:25:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96553#M78483 _Val_ 2020-09-11T09:25:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96561#M78484 <P>I have also already made the experience that with the HTTPS Policy you should first make the rules based on IP addresses at the top and then those based on applications below.</P><P>I had the applicaton based bypass rule in the first place and the policy did not work.</P><P>For me it seems like you have to pay attention to a certain sequence.</P><P>But I haven't found anything where it's documented.</P> Fri, 11 Sep 2020 10:45:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96561#M78484 Nikolai_Borhart 2020-09-11T10:45:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96674#M78485 <P>So there is priority<BR />That is, I must first set the IP before setting up the application?</P><P>Does this have the documentation?</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 14 Sep 2020 02:27:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96674#M78485 Chou_YiHsien 2020-09-14T02:27:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96901#M78486 <P>Rules are evaluated per <A href="https://community.checkpoint.com/t5/General-Management-Topics/Unified-Policy-Column-based-Rule-Matching/m-p/9888#M1693" target="_self">Column-based rule matching.</A><BR />This applies to HTTPS Inspection policy as well.<BR />If the connection matches the first rule, that is the rule that will apply.<BR />In general, you should always have more specific rules first.</P> Thu, 17 Sep 2020 04:46:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96901#M78486 PhoneBoy 2020-09-17T04:46:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96912#M78487 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;just a small correction, for Unified Policy, and not for HTTPS Inspection, if AC/URLF and/or content inspection are in play, it might be that the connection will be matched to more than a single rule, pending streaming data decision.</P> Thu, 17 Sep 2020 07:33:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-inspection-policy-doubt/m-p/96912#M78487 _Val_ 2020-09-17T07:33:56Z