https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214238#M35420 <P>As part of SNI verification (App Control with or without HTTPS Inspection, and with HTTPS Inspection), we initiate a connection from the gateway to verify the SAN of the target site.<BR />That part is expected behavior.</P> Tue, 14 May 2024 21:53:38 GMT PhoneBoy 2024-05-14T21:53:38Z https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214133#M35394 <P>Good afternoon</P><P>There is a problem with access to the site.<BR />The site support said that there is no blocking of our external addresses.<BR />We see duplicate logs: for some reason, in addition to user traffic, we see that there is traffic from the checkpoint itself to the site. That is, both users and checkpoint are accessing the resource.<BR /><BR />Previously, we saw that traffic was coming only from user networks. But now we see in the logs connections from both user networks and CheckPoint's external address.</P><P>Can you tell me if this is normal? Also in the traffic dumps we see TCP Retransmission.</P> Tue, 14 May 2024 09:14:31 GMT https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214133#M35394 Oliver_222 2024-05-14T09:14:31Z https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214142#M35396 <P>I think we are missing several key bits of information to be able to help, for example:</P> <P>Is HTTPS inspection used and which version/JHF is the gateway?</P> <P>Are you able to share details of the problematic site, is it isolated to this site?</P> <P>Is the traffic just NAT/d by the gateway or is it also acting as a proxy?</P> Tue, 14 May 2024 12:31:16 GMT https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214142#M35396 Chris_Atkinson 2024-05-14T12:31:16Z https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214152#M35397 <P>Yes, HTTPS inspection is enabled. Earlier we saw logs about HTTPS inspection, but now we don't see them: we only see accept logs of users and the Security Gateway.<BR />3000 Appliance R81.10 Take: 87</P><P>The site <A href="https://jazz.sber.ru" target="_blank">https://jazz.sber.ru</A> , it is designed for video calls.</P><P>We use the automatic hide NAT rule for the user network object.</P> Tue, 14 May 2024 12:47:42 GMT https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214152#M35397 Oliver_222 2024-05-14T12:47:42Z https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214160#M35403 <P>Some things to consider:</P> <P>- Check Trusted CA list is up to date</P> <P>- Is QUIC traffic handled in the environment&nbsp;</P> <P>- Upgrading Jumbo take</P> <P>- Recent documented change in Chrome behavior</P> Tue, 14 May 2024 13:12:56 GMT https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214160#M35403 Chris_Atkinson 2024-05-14T13:12:56Z https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214238#M35420 <P>As part of SNI verification (App Control with or without HTTPS Inspection, and with HTTPS Inspection), we initiate a connection from the gateway to verify the SAN of the target site.<BR />That part is expected behavior.</P> Tue, 14 May 2024 21:53:38 GMT https://community.checkpoint.com/t5/General-Topics/problem-with-access-to-the-site/m-p/214238#M35420 PhoneBoy 2024-05-14T21:53:38Z