This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
George_Sas
Collaborator
a week ago
Jump to solution

Bypass HTTPS Inspection not working as intended ?

Hello guys

For some testing and debugging , I am trying to bypass everything on "deploy.static.akamaitechnologies.com".

Made a custom app like this :
customapp.png

Then made a HTTPS bypass rule on my outbound Policy and added it to the bypass.
This rule is right at the top as rule number 4 but when I look on the firewall logs I still see the "a95-100-154-113.deploy.static.akamaitechnologies.com (95.100.154.113)" is inspected ?

https.png

 

Why ? What I am doing wrong ? ... I'm out of ideas.

0 Kudos
2 Solutions

Accepted Solutions
simonemantovani
MVP
MVP
a week ago
Jump to solution

in my opinion, but I accept to be proven wrong, the issue is related to the certificate used by those sites, could you try using domain object?

View solution in original post

(1)
TurgutKaplanogl
MVP
MVP
a week ago
Jump to solution

Hello

Because deploy.static.akamaitechnologies.com  is a reverse DNS record, but you are creating a URL definition for the bypass. For this specific log you can define the bypass by creating a domain/FQDN object or if it is an accessed URL you can create the definition by specifying that URL.

TK

View solution in original post

(1)
6 Replies
simonemantovani
MVP
MVP
a week ago
Jump to solution

in my opinion, but I accept to be proven wrong, the issue is related to the certificate used by those sites, could you try using domain object?

(1)
George_Sas
Collaborator
a week ago
In response to simonemantovani
Jump to solution

Seems so , I added the destination as Domain ".deploy.static.akamaitechnologies.com" and this solved the issue.
And I came to same conclusion when I saw that some host onm akamaitechnologies.com was classified as "m365cdn.nel.measure.office.net" and some other host came just as IP.

 

Thanks.

0 Kudos
TurgutKaplanogl
MVP
MVP
a week ago
Jump to solution

Hello

Because deploy.static.akamaitechnologies.com  is a reverse DNS record, but you are creating a URL definition for the bypass. For this specific log you can define the bypass by creating a domain/FQDN object or if it is an accessed URL you can create the definition by specifying that URL.

TK

(1)
George_Sas
Collaborator
a week ago
In response to TurgutKaplanogl
Jump to solution

Well , well , well...

Did not help 😞
I can see HTTPS inspection on a95-100-155-104.deploy.static.akamaitechnologies.com (95.100.155.104)

I defined my rule like :

Source : Any

Destination : Domain .deploy.static.akamaitechnologies.com
domain.png
Services : HTTPS Default services (https , 8080 )
Action Bypass

And I still get traffic inspected ?

0 Kudos
George_Sas
Collaborator
a week ago
In response to simonemantovani
Jump to solution

Will test now. Btw this SK is GOLD for me in regards to domo_reverse_lookup ... think I found another solution for a problem that I had for LONG time 🙂

Will update you tomorrow.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events