topic Re: Ordering bypass rules in Spark Firewall (SMB)

Ordering bypass rules

LuisSP — Wed, 08 May 2019 01:21:43 GMT

Hello checkmates! I've a client with NGFW 1490, blades enables are:

AppCtrl & UrlF
UsrAw
IPS
AV
AB
VPN RemAcc
Beside https categorization

The Version is : R77.20.85 (990172755).

Recently I have activated SSL-inspection, which was activated some time ago for a short period of time because drawbacks during browsing on internet.

Nowadays, the problems previously presented mostly resolved with the build 990172755 (I know that exist update R77.20.86).

However, now there is a new issue, some https web sites shown time-out errors on browsers (chrome, mozilla, edge), Such error don't been show before, that's mean with ssl-inspection disable.

DNS server is local. Inclusive I put in file HOST (pc's windows) the ip addres and domain name of trouble's web sites to resolve locally on client, but issue persist.

Lastly, I put a exception to these web sites, but I don't think that is best idea.

Can you help me please?

Re: Ordering bypass rules

PhoneBoy — Thu, 09 May 2019 00:34:39 GMT

Are these HTTPS sites by chance that might be blocked by your policy?
Any clues in the logs or using tcpdump/fw monitor?

Re: Ordering bypass rules

LuisSP — Thu, 09 May 2019 17:32:38 GMT

I failed to comment that it is possible to access these sites and navigate through them, but the error of time-out constantly appears.

Even, although less consistently, I already reported that the error is already presented with the gmail portal, which is one of the most used in the company.

Tonight I will run the fw monitor to be able to answer your question, although it will not be with the normal traffic load.