- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hello,
A user needs to access a site which has a revoked certificate.
I accept to access on it, he does not need to authenticate or add any sensitive datas on it.
HTTPS inspection is not activate, but url filtering yes and it shows as Detect the revoked certificate
IPS and antivirus blades are activated as well.
The same pc connected to a different Internet connection can surf on it.
Categorizsed HTTPS website is activated as well, on general properties.
How can I grant user access to this site?
You posted this question in Harmony Browse space, yet you're asking this as if this is going through a gateway.
Confirm the product and versions/JHF in use.
In any case, by default, we validate the certificate ourselves and deny access if the certificate is revoked.
This can be changed.
In R82, this can be done in SmartConsole:
In R81.20 and earlier, it must be done in SmartDashboard:
In either case, it requires publishing and installing the Access Policy to take effect.
I think that server certificate setting is only applicable though if they have https inspection enabled?
Andy
It's also used as part of Verified SNI.
Thank you for the information.
My version is R81.20 Take 99.
So even if HTTPS inspection has not been configured, the default option "Revoked server certificate" is performed, so it drop the communication.
Checking log, it shows only Detect and this let me think that the behaviour is not to block it, but just to inform, but I'm wrong.
If I'm going to disable this option, I understand it is global for all sites, I was hoping there was a way to create an exception.
Perhaps I was mistaken that this setting is used for Verified SNI.
It definitely is for HTTPS Inspection, and yes this is a global setting.
No action is required here, but that explains the error.
I would definitely see if you can install R81.20 with recommended jumbo hotfix 105 and see if that fixes the issue.
Andy
I have noticed, for domains where I upgraded from R81.20 to R81.20, the install option is not enabled by default.
On domains where the firewall have been installed on R81.20, this option is enabled by default.
Thats right.
Do you have screenshot of it?
Andy
Try to make bypass rule above the current https inspection rule. Instead of url use the ip of the relevant website.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 1 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY