https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130724#M23770 <P>Just answered my own question.</P><P>Changed the URL in the object to "<SPAN>ase-dev.ourdomain.com" (not regex) and inspection works.</SPAN></P><P><SPAN>But will need upgrade to meet the requirements....</SPAN></P><P><SPAN>Thanks PhoneBoy.</SPAN></P> Thu, 30 Sep 2021 15:11:54 GMT Gerard2012 2021-09-30T15:11:54Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130693#M23761 <P>Hello all</P><P>&nbsp;</P><P>In tried search forum for answer to this but nothing I've seen seems to work for me.</P><P>I'm have been tasked to enabled URL filtering to restrict access to internally hosted web apps.</P><P>I have enabled HTTPS inspection and have successfully blocked access to external HTTPS sites as a test, but for some reason the URL for this internal app is not matched in the inspection rules.</P><P>&nbsp;</P><P>In this instance the CP software is R80.10.</P><P>&nbsp;</P><P>The URL in question is:</P><P><A href="https://ukst-webapp-utils-dev009.ase-dev.ourdomain.com/clientapp" target="_blank">https://ukst-webapp-utils-dev009.ase-dev.ourdomain.com/clientapp</A></P><P>&nbsp;</P><P>I've tried every iteration of this in the Custom Application object...</P><P>"ukst-webapp-utils-dev009.ase-dev.ourdomain.com/clientapp"</P><P>"ukst-webapp-utils-dev009.ase-dev.ourdomain.com"</P><P>"ase-dev.ourdomain.com"</P><P>As regex...</P><P>".*\.ase-dev\.ourdomain\.com\/clientapp"</P><P>&nbsp;</P><P>It just will not hit the inspection rule.</P><P>&nbsp;</P><P>The server presents a wildcard cert for "*.ase-dev.ourdomain.com", is that significant?</P><P>It only works when I set the rule site category to "any", and then traffic seems to be classified as "Business / Economy".</P><P>Any advise would be greatly appreciated.</P><P>&nbsp;</P><P>Thanks.</P> Thu, 30 Sep 2021 13:45:35 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130693#M23761 Gerard2012 2021-09-30T13:45:35Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130697#M23763 <P>In R80.10, we match only based on the DN of the certificate.<BR />Later versions support SNI (possibly requiring a JHF).<BR />In any case, R80.10 is nearly End of Support and recommend upgrading.</P> Thu, 30 Sep 2021 13:50:56 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130697#M23763 PhoneBoy 2021-09-30T13:50:56Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130723#M23769 <P>Thanks for responding so quickly PhoneBoy.</P><P>Yes, noted this needs to be upgraded, but to clarify, is it at all possible to match an inspection rule for a wildcard cert? If the the&nbsp;<SPAN>Custom Application object were just ...</SPAN></P><P><SPAN>".*\.ase-dev\.ourdomain\.com\"</SPAN></P><P>for example?</P><P>&nbsp;</P> Thu, 30 Sep 2021 15:06:47 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130723#M23769 Gerard2012 2021-09-30T15:06:47Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130724#M23770 <P>Just answered my own question.</P><P>Changed the URL in the object to "<SPAN>ase-dev.ourdomain.com" (not regex) and inspection works.</SPAN></P><P><SPAN>But will need upgrade to meet the requirements....</SPAN></P><P><SPAN>Thanks PhoneBoy.</SPAN></P> Thu, 30 Sep 2021 15:11:54 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130724#M23770 Gerard2012 2021-09-30T15:11:54Z https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130733#M23771 <P>I was just about to reply and suggest what you put in there. I ALWAYS use that method for allowing./blocking...*domain* and works fine : )</P> Thu, 30 Sep 2021 16:11:55 GMT https://community.checkpoint.com/t5/General-Topics/HTTPS-Inspection-Rule-Not-Being-Matched/m-p/130733#M23771 the_rock 2021-09-30T16:11:55Z