Iron

HTTPS Inspection Not Working

Hello,

I recently stood up a standalone R80.40 gateway in a lab environment to perform some testing for policy changes to support Office 365. I'm working through a scenario with a customer who has HTTPS inspection enabled globally, but I'm unable to get inspection working on my lab gateway. I've enabled HTTPS Inspection on the Gateway, have verified the HTTPS Inspection Policy is what I want, and have adjusted the Topology so respective interfaces are configured appropriately. 

There's not much to configure here, so I'm beating my head against a wall trying to figure out why this appliance isn't inspecting outbound HTTPS traffic. Any help would be appreciated!

 


Accepted Solutions

Hi @DarrenR 

A few more tips:
1) Did you import the outbound certificate correctly in the browser?
2) Are there log entries for https inspection? If so, please take a picture.
3) Is the https interception enabled in the protocol tab?
ht1.JPG

4) Set "Internet" instead of "all internet" in the destination:
ht2.JPG

Admin
Screenshots of exactly what you've configured and what logs are getting generated with the relevant traffic would help.
Feel free to redact sensitive details.
Iron

Here are a few screenshots of the configuration and I've followed the guide here when putting this in place. 

firewall-policy.jpg, firewall-topology.jpg, https-inspection-configuration.jpg, https-inspection-policy.jpg, outbound-logs-no-inspection.jpg

Admin
Your HTTPS Inspect rulebase should be more specific.
Specifically, the source should be the specific subnets from which you have traffic HTTPS inspected, not something general like any.
The destination of this rule can be any, not sure it works with the "All_Internet" object.
Second, for performance reasons, your last rule should always be any any bypass.
Iron

Boom! I missed enabling the protocol signature. Thanks!
