https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113285#M447 <P>You have a kinda old setup R80.20SP&nbsp;<SPAN>Take 191 (2 Dec 2019, GA from 05 Jan 2020), strongly advice to upgrade it. The website is only allowing TLS 1.2 and only one strong cipher suite</SPAN></P><P><SPAN>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, old GW TLS engine and old ciphers are your problem.</SPAN></P> Fri, 12 Mar 2021 08:57:17 GMT Martin_Raska 2021-03-12T08:57:17Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113170#M443 <P>Hi team - for some reason this website is not dispalyed. outside the gateway is working fine.</P><P>TLSv1 is disabled, but for some reason the gateway is still using TLSv1 to connect on behalve the user.</P><P>We made a https bypass, but no succes &nbsp;</P><P>The exact message displyaed is:</P><P>This page can’t be displayed</P><P>Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to <STRONG><A href="https://lft.ema.kpmg.com" target="_blank">https://lft.ema.kpmg.com</A> </STRONG>again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 <A href="http://go.microsoft.com/fwlink/?LinkId=735074" target="_blank">(link for the details)</A>, which is not considered secure. Please contact your site administrator.</P><P>&nbsp;</P><P>do you have any suggestion for this? thank you</P><P>Khalid</P> Thu, 11 Mar 2021 13:50:16 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113170#M443 Khalid 2021-03-11T13:50:16Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113239#M444 <P>What version/JHF level is the gateway?<BR />Is HTTPS Inspection enabled?<BR />What do you see in the gateway logs when you try and access the site?</P> Thu, 11 Mar 2021 21:02:11 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113239#M444 PhoneBoy 2021-03-11T21:02:11Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113275#M445 <P>Hi PhoneBoy, Tank you for reply</P><P>What version/JHF level is the gateway? &gt;&gt; R80.20SP/T191<BR />Is HTTPS Inspection enabled? &gt;&gt;Yes enabled<BR />What do you see in the gateway logs when you try and access the site?&gt;&gt; the traffic is allowed&nbsp;</P><P>We observed in the TCPDUMP that the gateway is sending TLSv1 but the website is using TLSv1.2. possible the cause of the issue but not sure.</P><P>Thank you</P> Fri, 12 Mar 2021 06:45:18 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113275#M445 Khalid 2021-03-12T06:45:18Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113276#M446 <P>You may debug that as per&nbsp;<SPAN>sk105559</SPAN></P> Fri, 12 Mar 2021 07:03:40 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113276#M446 Vincent_Bacher 2021-03-12T07:03:40Z https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113285#M447 <P>You have a kinda old setup R80.20SP&nbsp;<SPAN>Take 191 (2 Dec 2019, GA from 05 Jan 2020), strongly advice to upgrade it. The website is only allowing TLS 1.2 and only one strong cipher suite</SPAN></P><P><SPAN>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, old GW TLS engine and old ciphers are your problem.</SPAN></P> Fri, 12 Mar 2021 08:57:17 GMT https://community.checkpoint.com/t5/Hyperscale-Firewall-Maestro/website-is-not-dispalyed/m-p/113285#M447 Martin_Raska 2021-03-12T08:57:17Z