topic Re: SSL enable websites not opening in Spark Firewall (SMB)

SSL enable websites not opening

humt — Thu, 30 Jan 2020 02:58:02 GMT

Appliance is 730 and fw is 70.20.87. I have enable the SSL inspection but the problem is some websites are not open such as https:\\support[.]kaspersky[.]com . I have created a ticket there also but the issue is still there. Even i have try to bypass it. But still not get success. Even CP support is trying but not get success yet. They are searching for more. It works with HTTPS categorization but not with SSL inspection.

This command run but no sucess yet. If some one knows , how to solve it. Please let me know asap.

ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_ACCEPT_ECDHE 1 ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_PROPOSE_ECDHE 1 ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_EC_P384 1

Another issue-

And there are some websites which are showing not secure such as google.com etc. This issue is same in SSL only. At the time of opening, its shows secure but after 10-30minutes start showing not secure. This issue is with some websites only specially with internal pages.

Re: SSL enable websites not opening

PhoneBoy — Thu, 30 Jan 2020 04:26:49 GMT

This is an SMB appliance so the regedit commands you mention won't work.
Precise error messages you're experiencing when you are trying to access this site would helpful.
Also if you're trying to configure a bypass for HTTPS Inspection it needs to be configured according to what the CN of the site certificate says, which may be different from the URL you use to access the site.

Re: SSL enable websites not opening

humt — Thu, 30 Jan 2020 16:31:12 GMT

Well one issue resolved but in case Certificate issue. CP support told the same issue is there side also and saying the issue is from Website not from us. But i can see that issue occur with many websites. Connection Not secure having issue with many websites. This issue is occurring when i am enable the SSL inspection.

Re: SSL enable websites not opening

PhoneBoy — Thu, 30 Jan 2020 18:05:56 GMT

Have you installed the CA certificate on your local PC?

Re: SSL enable websites not opening

humt — Sat, 01 Feb 2020 04:14:45 GMT

Yes but still same issue.

Re: SSL enable websites not opening

PhoneBoy — Sat, 01 Feb 2020 18:14:30 GMT

Can you show what the certificate for the website looks like?

Re: SSL enable websites not opening

PhoneBoy — Mon, 03 Feb 2020 16:35:09 GMT

It looks like HTTPS Inspection is configured correctly on the gateway as the certificate presented in the browser per your PM.
However, the fact you are receiving errors means you have:

Not imported the CA key from the SMB device into the Certificate Store for your OS and/or Browser
Marked the CA key from your SMB device key as trusted

Until you do this correctly on the end user device, you will continue to receive these errors.
Refer to your OS/browser manufacturer for instructions on how to import (and trust) a new CA key.