https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188905#M31676 <P>Why the question - either the connection is https inspected or excluded from that. Acceleration should not make any difference afaik. Here, a probe is sent to the site that fails for some reason - used cipher not supported,&nbsp;SNI verification failed or else. I would do an exclusion for government websites as they should not contain malware and customer is connecting using special apps.</P> Tue, 08 Aug 2023 10:22:07 GMT G_W_Albrecht 2023-08-08T10:22:07Z https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188898#M31672 <P>We are having a problem connecting to government websites.<BR />We have enabled https inspection exception for these sites.<BR />Users use special software to connect to these sites.<BR />The first log shows accept.<BR />But there is a second log drops with the message "The probe sent to destination has encountered a general error ", "Dropping request as configured in engine settings of HTTPS Inspection".<BR />Can you tell me what the problem might be?<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ddf73200-5c0d-4fba-a42c-2f60ba8bf5c2.jpg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21998i05C0F0AD321EFF0C/image-size/medium?v=v2&amp;px=400" role="button" title="ddf73200-5c0d-4fba-a42c-2f60ba8bf5c2.jpg" alt="ddf73200-5c0d-4fba-a42c-2f60ba8bf5c2.jpg" /></span></P><P> </P> Tue, 08 Aug 2023 09:49:48 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188898#M31672 Hllrdm 2023-08-08T09:49:48Z https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188901#M31674 <P>Look at the https settings:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="https.png" style="width: 637px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22000i6A703B1D79F59AEB/image-size/large?v=v2&amp;px=999" role="button" title="https.png" alt="https.png" /></span></P> <P>If it is on fail-close, the drop is not unexpected...</P> Tue, 08 Aug 2023 10:00:37 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188901#M31674 G_W_Albrecht 2023-08-08T10:00:37Z https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188903#M31675 <P>And if we use fast accel for this connection, in that case drops will also be there?</P> Tue, 08 Aug 2023 10:10:33 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188903#M31675 Hllrdm 2023-08-08T10:10:33Z https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188905#M31676 <P>Why the question - either the connection is https inspected or excluded from that. Acceleration should not make any difference afaik. Here, a probe is sent to the site that fails for some reason - used cipher not supported,&nbsp;SNI verification failed or else. I would do an exclusion for government websites as they should not contain malware and customer is connecting using special apps.</P> Tue, 08 Aug 2023 10:22:07 GMT https://community.checkpoint.com/t5/General-Topics/https-inspection-drop/m-p/188905#M31676 G_W_Albrecht 2023-08-08T10:22:07Z