https://community.checkpoint.com/t5/Spark-Firewall-SMB/site-blocked-internet-server-reset-connection/m-p/57176#M2220 <P>Hi everyone, I've some cases, but I'll post each one separetelly.</P><P>I opened traffic to load images from arduino.cc site. Arduino use flickr service to show its images inside the portal.<BR />First I tried with * .flickr.com and *.staticflickr.com, something similar worked well with other sites, but unfortunately this time it did not work. After a few hours I resolved it with regular expressions:</P><P>(^ |. * \.) * staticflickr \ .com<BR />(^ |. * \.) * flickr \ .com</P><P>Now I try to open traffic to <A href="http://www.manageengine.com" target="_blank">www.manageengine.com</A>, but no custom application works properly:</P><P>* .manageengine.com<BR />manageengine.com<BR />(^ |. * \.) * manageengine \ .com (this as a regular expression in another app)<BR />The browser sends an error ERR_CONNECTION_RESET.</P><P>In wireshark I can see that the manageengine.com server resets the connection.</P><P>If I open all internet traffic to single local ip address, <A href="http://www.manageengine.com" target="_blank">www.manageengine.com</A> load without problem in that host.&nbsp;</P><P>What am I doing wrong? Why in some cases did it work for me and not in this one?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-right" image-alt="error-manageengine.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1764iB7B11293FDDCC802/image-size/large?v=v2&amp;px=999" role="button" title="error-manageengine.png" alt="error-manageengine.png" /></span></P> Mon, 01 Jul 2019 21:22:26 GMT LuisSP 2019-07-01T21:22:26Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/site-blocked-internet-server-reset-connection/m-p/57176#M2220 <P>Hi everyone, I've some cases, but I'll post each one separetelly.</P><P>I opened traffic to load images from arduino.cc site. Arduino use flickr service to show its images inside the portal.<BR />First I tried with * .flickr.com and *.staticflickr.com, something similar worked well with other sites, but unfortunately this time it did not work. After a few hours I resolved it with regular expressions:</P><P>(^ |. * \.) * staticflickr \ .com<BR />(^ |. * \.) * flickr \ .com</P><P>Now I try to open traffic to <A href="http://www.manageengine.com" target="_blank">www.manageengine.com</A>, but no custom application works properly:</P><P>* .manageengine.com<BR />manageengine.com<BR />(^ |. * \.) * manageengine \ .com (this as a regular expression in another app)<BR />The browser sends an error ERR_CONNECTION_RESET.</P><P>In wireshark I can see that the manageengine.com server resets the connection.</P><P>If I open all internet traffic to single local ip address, <A href="http://www.manageengine.com" target="_blank">www.manageengine.com</A> load without problem in that host.&nbsp;</P><P>What am I doing wrong? Why in some cases did it work for me and not in this one?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-right" image-alt="error-manageengine.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1764iB7B11293FDDCC802/image-size/large?v=v2&amp;px=999" role="button" title="error-manageengine.png" alt="error-manageengine.png" /></span></P> Mon, 01 Jul 2019 21:22:26 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/site-blocked-internet-server-reset-connection/m-p/57176#M2220 LuisSP 2019-07-01T21:22:26Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/site-blocked-internet-server-reset-connection/m-p/57491#M2242 It has to do with the certificate provided by manageengine.com.<BR />Specifically, it's not providing a CN or DN for us to match against.<BR />And, unless you're either using HTTPS Inspection or R80.30, we can't see what server you're trying to connect to (R80.30 supports Verified SNI).<BR />The RST is because it's HTTPS and we cannot inject a block page.<BR /><BR />Perhaps you can create a signature using the Application Control Signature Tool instead.<BR />See: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk103051" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk103051</A> Thu, 04 Jul 2019 20:17:56 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/site-blocked-internet-server-reset-connection/m-p/57491#M2242 PhoneBoy 2019-07-04T20:17:56Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/site-blocked-internet-server-reset-connection/m-p/57500#M2245 <P>I use https categorization, so if I understand correctly, the FW in this configuration can compare the SUBJECT | CN property, but it does not verify the SUBJECT ALT NAME, where the domain of the site I want to access resides, and therefore the browser complains indicating that a secure connection could not be established (SECURE CONNECTION FAILED .... enfirefox) ... please confirm if I am correct.</P><P>My options are:<BR />use the Application Control Signature Tool and test it.<BR />Activate https inspection</P><P>I already verified with https inspection and yes it works. I want to try the first option too.</P><P>I notified you after the result.</P> Thu, 04 Jul 2019 23:14:57 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/site-blocked-internet-server-reset-connection/m-p/57500#M2245 LuisSP 2019-07-04T23:14:57Z