cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Checkpoint 5600 v80.10. Internet Surfing Issues

We purchased a checkpoint 5600 device 2 months ago to replace our ageing URL/Firewall device we where expecting to have issues but not the ones we are currently experiencing with standard feature.
1) First issue we have a active user base of around 310 with internet access but we are finding randomly it displays a "this site can't be reached" like no internet connection, refreshing the page will load without any issues correctly. (I've been told by checkpoint support this is by designed).
2) Second Issue, A user can be surfing when visiting a new website it displays the checkpoint this website is blocked. (The website shouldnt be blocked) when the user refreshes the page it loads correctly.   (Waiting on feedback from checkpoint support on this one)
3) Third Issue. Which I think is linked to both if the user gets issue 1 sometime the page will display a partial load again refreshing the page normally resolve this.
4) Fourth Issue, https inspection causes a number of issues with website we visit, a exception rule as been created for websites we are having problems with but this list is growing larger by the day.
Any feedback on any of the below would be great or if you're experiencing the same issues or had these issues and managed to resolve them.
Cheers
0 Kudos
1 Reply
Admin
Admin

Re: Checkpoint 5600 v80.10. Internet Surfing Issues

Let's see if I can address each of these issues:

1. "Page cannot be displayed" may happen for a variety of reasons. If the users in question are not subject to HTTPS Inspection and the site in question is HTTPS, it could be because the site is blocked. In that case, it's expected behavior. If that's not the case, you would need to do some further troubleshooting to understand why.

2 and 3 (and possibly 1) are probably related to the following setting. If set to "Hold" what you're seeing is expected behavior. The default setting here is "Background" and will allow communication until the site is properly categorized. 

(In R77.30, this setting can be reached in SmartConsole by going to the Application & URL Filtering tab > Advanced > Engine Settings)

4. There are various sites/applications that do not work for HTTPS Inspection. The most common reasons are because of certificate pinning or sites requiring ciphers not supported by HTTPS Inspection. For maximum compatibility, the latest jumbo hotfix is usually required, though confirm this with the TAC.