https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/86222#M30 <P>Hello,</P><P>we use the Checkpoint Caspusle Connect Client (Cloud Firewall) with HTTPS Inspection enabled and wanted to call the URL <A href="https://www.xing.com" target="_blank">https://www.xing.com</A>. However when the cloud client is connected, we can't call this URL. We only get the notification, that the site is not available. When we disconnect the cloud client, we can call this URL without any problem.</P><P>So we tried to bypass this site from the HTTPS inspection (*.xing.com in the cloud portal) however this also doesn't work. So we tried to analyse the traffic with "Fiddler" and there we see that the HTTPS handshake to <A href="http://www.xing.com" target="_blank">www.xing.com</A>&nbsp;failed, because the stream was closed.&nbsp;</P><P>It seems that the https bypass not really works. Does anybody know how we can bypass the traffic to xing?</P><P>Best regards</P> Mon, 25 May 2020 13:18:24 GMT hw 2020-05-25T13:18:24Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/86222#M30 <P>Hello,</P><P>we use the Checkpoint Caspusle Connect Client (Cloud Firewall) with HTTPS Inspection enabled and wanted to call the URL <A href="https://www.xing.com" target="_blank">https://www.xing.com</A>. However when the cloud client is connected, we can't call this URL. We only get the notification, that the site is not available. When we disconnect the cloud client, we can call this URL without any problem.</P><P>So we tried to bypass this site from the HTTPS inspection (*.xing.com in the cloud portal) however this also doesn't work. So we tried to analyse the traffic with "Fiddler" and there we see that the HTTPS handshake to <A href="http://www.xing.com" target="_blank">www.xing.com</A>&nbsp;failed, because the stream was closed.&nbsp;</P><P>It seems that the https bypass not really works. Does anybody know how we can bypass the traffic to xing?</P><P>Best regards</P> Mon, 25 May 2020 13:18:24 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/86222#M30 hw 2020-05-25T13:18:24Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/86267#M31 Recommend a TAC case.<BR />I suspect (without having done the troubleshooting) that there is an incompatibility with TLS ciphers between this site and what is supported by the Capsule Cloud infrastructure.<BR />In this case, the only way a bypass would work is if you bypass the site by IP address. Mon, 25 May 2020 20:31:23 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/86267#M31 PhoneBoy 2020-05-25T20:31:23Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/86279#M32 <P>Thanks for the answer. I will open a checkpoint case.</P> Tue, 26 May 2020 04:38:58 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/86279#M32 hw 2020-05-26T04:38:58Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/89586#M33 <P>Not sure if you solved the issue already but for others who may come across the same problem, Check Point Capsule Connect doesn't support IP addresses in https inspection bypass rules. The quickest way to solve this is to exclude the IP / URL from web management interface (cloud.checkpoint.com)</P> Tue, 23 Jun 2020 17:35:40 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Https-Inspection-Bypass-checkpoint-capsule-connect/m-p/89586#M33 Bekir_Aldemir2 2020-06-23T17:35:40Z