topic Re: Dropbox and SSL Inspection in General Topics

Dropbox and SSL Inspection

Terri_Hawkins — Thu, 09 Apr 2020 13:46:34 GMT

Hi! Has anyone using r80.30 been able to get Dropbox client to work with SSL Inspection turned on? I can't get the client to connect. When I turn off SSL inspection for the site it connects immediately.

I found this article but it does not seem to apply to my version as there already is a dropbox application and there is no "accept" option in the HTTP Ispection (just bypass or inspect)

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk104238

We only have a few users still on Dropbox but this does not seem to be the kind of traffic you want to turn httpsinspection off on.

Any assistance is appreciated.

thanks

terri

Re: Dropbox and SSL Inspection

PhoneBoy — Fri, 10 Apr 2020 05:39:43 GMT

Dropbox in particular uses Certificate Pinning, which makes HTTPS Inspection on this traffic impossible as the application will never trust our certificate.
We have Dropbox (and several other apps) as an Updatable Object precisely so it can be easily bypassed in the HTTPS Inspection policy in R80.40 and above.

Re: Dropbox and SSL Inspection

Terri_Hawkins — Mon, 13 Apr 2020 11:34:02 GMT

Thank you for the response. We are still on 80.30, but if 80.40 allows updateable objects in the https inspection policy we may need to look at it more closely.

Thanks again!

terri

Re: Dropbox and SSL Inspection

_Val_ — Tue, 14 Apr 2020 06:56:05 GMT

With certificate pinning, you cannot implement "man in the middle", so no inspection. You can either bypass or disallow access.