https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9162#M1155 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P></P><P>I have a strange problem with https inspection. Something I am missing here and run out of options.</P><P></P><P>R80.10 with appl/urlf/https inspection turned on. Enhanced ssl inspection is on.</P><P></P><P>cat $FWDIR/boot/modules/fwkern.conf<BR />enhanced_ssl_inspection=1</P><P></P><P>https inspection policy:</P><P>my computer -&gt; internal networks;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;any category; action: bypass</P><P>my computer -&gt; internet;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;specific URLs; action bypass</P><P>my computer -&gt; internet;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;any category; action: inspect</P><P></P><P>First problem - there are no inspect logs. Only bypass for first https inspection rule.</P><P>Because it is not inspected, in appl/urlf policy my traffic avoiding first rules and hitting last one - any -&gt; internet; action allow.</P><P></P><P>wstlsd.elg file contains only:</P><P>[26 Nov 8:39:04] wstlsd_init: Instance #0 of Daemon initiated successfully<BR />[26 Nov 8:39:04] wstlsd_init: Instance #2 of Daemon initiated successfully<BR />[26 Nov 8:39:04] wstlsd_init: Instance #4 of Daemon initiated successfully</P><P></P><P>Any ideas?</P></BODY></HTML> Mon, 26 Nov 2018 08:56:25 GMT abihsot__ 2018-11-26T08:56:25Z https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9162#M1155 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P></P><P>I have a strange problem with https inspection. Something I am missing here and run out of options.</P><P></P><P>R80.10 with appl/urlf/https inspection turned on. Enhanced ssl inspection is on.</P><P></P><P>cat $FWDIR/boot/modules/fwkern.conf<BR />enhanced_ssl_inspection=1</P><P></P><P>https inspection policy:</P><P>my computer -&gt; internal networks;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;any category; action: bypass</P><P>my computer -&gt; internet;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;specific URLs; action bypass</P><P>my computer -&gt; internet;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;any category; action: inspect</P><P></P><P>First problem - there are no inspect logs. Only bypass for first https inspection rule.</P><P>Because it is not inspected, in appl/urlf policy my traffic avoiding first rules and hitting last one - any -&gt; internet; action allow.</P><P></P><P>wstlsd.elg file contains only:</P><P>[26 Nov 8:39:04] wstlsd_init: Instance #0 of Daemon initiated successfully<BR />[26 Nov 8:39:04] wstlsd_init: Instance #2 of Daemon initiated successfully<BR />[26 Nov 8:39:04] wstlsd_init: Instance #4 of Daemon initiated successfully</P><P></P><P>Any ideas?</P></BODY></HTML> Mon, 26 Nov 2018 08:56:25 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9162#M1155 abihsot__ 2018-11-26T08:56:25Z https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9163#M1156 <HTML><HEAD></HEAD><BODY><P>Hello. Please check your network topology. You must be sure that you have an 'external' interface.</P></BODY></HTML> Mon, 26 Nov 2018 10:30:31 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9163#M1156 Evgeniy_Olkov 2018-11-26T10:30:31Z https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9164#M1157 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>thank you for suggestion! However I thought about this too, so I modified my https inspection policy to:</P><P style="color: #333333; background-color: #ffffff; border: 0px;">my computer -&gt; internal networks;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;any category; action: bypass</P><P style="color: #333333; background-color: #ffffff; border: 0px;">my computer -&gt; any;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;specific URLs; action bypass</P><P style="color: #333333; background-color: #ffffff; border: 0px;">my computer -&gt; any;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;any category; action: inspect</P><P style="color: #333333; background-color: #ffffff; border: 0px;"></P><P style="color: #333333; background-color: #ffffff; border: 0px;">Still no luck.</P><P style="color: #333333; background-color: #ffffff; border: 0px;"></P><P style="color: #333333; background-color: #ffffff; border: 0px;">By the way in firewall topology I have external interface defined.</P></BODY></HTML> Mon, 26 Nov 2018 11:38:00 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9164#M1157 abihsot__ 2018-11-26T11:38:00Z https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9165#M1158 <HTML><HEAD></HEAD><BODY><P>Yes, I mean the firewall network topology. I had the same&nbsp;isue two weeks ago. After many actions I have just reconfigured the topology (override - External -&gt; Internet) and installed the policy. And it has started to work.</P></BODY></HTML> Mon, 26 Nov 2018 11:44:25 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9165#M1158 Evgeniy_Olkov 2018-11-26T11:44:25Z https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9166#M1159 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P></P><P>Just wanted to let you know that after removing identity awareness object from https inspection policy it started working... However I am still not happy how it works. I'll do some more testing</P></BODY></HTML> Fri, 28 Dec 2018 07:04:25 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-is-not-working/m-p/9166#M1159 abihsot__ 2018-12-28T07:04:25Z