Nikolas135096
Participant

HTTPS Inspection is always bypassed - "Inspection is not Required"

Hi community,

I’m running into an issue with HTTPS Inspection and would appreciate your insights.

I’ve configured HTTPS Inspection to the best of my knowledge:

* HTTPS Inspection is enabled on the firewall
* There is an outbound rule with the action set to **Inspect**
* The inspection certificate is properly installed on the client

However, inspection is never actually triggered. All traffic is consistently marked as **Bypass**, with the reason: *“Inspection is not required.”*

Has anyone encountered this behavior before or knows what could cause this? Are there specific conditions, rulebase settings, or blade interactions that might lead to traffic being skipped with this message?

It's an Open server with R82 Take 91.

Thanks in advance!

Niko

0 Kudos
7 Replies
PhoneBoy
Admin

Most likely, this is going to require a TAC case.
I've never seen this message myself and don't see it mentioned in any TAC cases.

the_rock
MVP Diamond

Never seen it either...

Best,
Andy
"Have a great day and if its not, change it"
Nikolas135096
Participant

Thanks a lot for your fast replies. I'll open a TAC case.

the_rock
MVP Diamond

Let us know how it goes.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Bob_Zimmerman
MVP Gold

Do you have a rule which needs to see inside the traffic? For example, are you applying AV scanning?

HTTPS Inspection isn't an end in itself. It's a feature to allow other inspection to work. If there's no other inspection which depends on it, maybe the firewall doesn't insert itself into the TLS negotiation because inspection is not required.

Nikolas135096
Participant

You're absolutely right. As soon as I enabled Threat Prevention, the traffic was inspected. Thank you very much!

Interestingly, even the support team hadn't seen that message before.

0 Kudos
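
A client-side way to confirm what the gateway log reports, added here as an example and not part of any poster's reply: handshake with a site through the gateway and check whether the certificate was issued by the inspection CA. The CA name `EXAMPLE-INSPECTION-CA`, the sample certificates and the function names are assumptions, as is the premise that the gateway signs the re-issued leaf certificate directly with that CA.

```python
import socket
import ssl
import sys

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
# "EXAMPLE-INSPECTION-CA" is a placeholder for your gateway's outbound CA name.
INSPECTED_SAMPLE = {"issuer": ((("organizationName", "Example Corp"),),
                               (("commonName", "EXAMPLE-INSPECTION-CA"),))}
BYPASSED_SAMPLE = {"issuer": ((("countryName", "US"),),
                              (("organizationName", "Example Public CA"),),
                              (("commonName", "Example Public CA R1"),))}


def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def verdict(cert, inspection_ca_cn):
    """'inspected' if the leaf was issued by the inspection CA, else 'bypassed'."""
    issued_by = issuer_fields(cert).get("commonName")
    return "inspected" if issued_by == inspection_ca_cn else "bypassed"


def probe(host, inspection_ca_cn, cafile=None, port=443, timeout=5.0):
    """Handshake with host through the gateway and classify the certificate."""
    ctx = ssl.create_default_context()
    if cafile:  # exported inspection CA (PEM), if Python does not trust it yet
        ctx.load_verify_locations(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return verdict(tls.getpeercert(), inspection_ca_cn)
    except ssl.SSLCertVerificationError as exc:
        # Typical when the gateway re-signs but this trust store lacks its CA.
        return f"untrusted: {exc.verify_message}"


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_inspection.py <inspection-CA-CN> <host> [<host> ...]")
    ca_cn, hosts = sys.argv[1], sys.argv[2:]
    for name in hosts:
        print(f"{name}: {probe(name, ca_cn)}")
```

Running it before and after enabling a blade that needs the decrypted content should flip the result from `bypassed` to `inspected` for the same host.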
the_rock
MVP Diamond

I just ran your screenshot through ChatGPT and below is what it gave me. Not sure if you can double check these points:

*****************************

 

This screenshot is from a Check Point log (likely SmartLog / SmartConsole), and it’s showing how a specific connection was handled by your security policy.

Here’s what each field means:

Action: HTTPS Bypass

  • The traffic matched a rule that bypasses HTTPS inspection.
  • In plain terms: the firewall did NOT decrypt or inspect the SSL/TLS traffic.

Action Reason: Inspection is not Required

  • This explains why it was bypassed.
  • The policy determined that this connection is trusted or excluded, so deep inspection wasn’t necessary.

Policy Management: NK-CP-MGMT

  • This is the management server that pushed the policy.

Policy Name: IDAwarenessPolicy

  • The connection matched a rule inside your Identity Awareness policy.
  • Likely tied to user/group-based rules rather than just IP/port.

Policy Date: Yesterday, 16:51:30

  • Timestamp of when the policy currently installed on the gateway was applied.

What this means overall

Traffic matched a rule that explicitly says:

“Allow HTTPS traffic without SSL inspection.”

This is commonly done for:

  • Trusted domains (banking, Microsoft, etc.)
  • Privacy-sensitive traffic
  • Applications that break under SSL inspection
  • Performance optimization

Why this matters

Because it was bypassed:

  • No SSL decryption happened
  • No deep threat inspection inside the encrypted payload
  • Only basic inspection (IP, port, SNI, etc.) was applied

If you’re troubleshooting

This log tells you:

  • If you expected HTTPS inspection → your rulebase is bypassing it
  • If something is being missed (e.g., malware detection) → this could be why

Best,
Andy
"Have a great day and if its not, change it"
