Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Contributor

Dropbox and SSL Inspection

Jump to solution

Hi! Has anyone using r80.30 been able to get Dropbox client to work with SSL Inspection turned on? I can't get the client to connect. When I turn off SSL inspection for the site it connects immediately.  

I found this article but it does not seem to apply to my version as there already is a dropbox application and there is no "accept" option in the HTTP Ispection (just bypass or inspect)

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

We only have a few users still on Dropbox but this does not seem to be the kind of traffic you want to turn httpsinspection off on.

Any assistance is appreciated. 

thanks

terri

dropbox.png

0 Kudos
Reply
1 Solution

Accepted Solutions
Admin
Admin
Dropbox in particular uses Certificate Pinning, which makes HTTPS Inspection on this traffic impossible as the application will never trust our certificate.
We have Dropbox (and several other apps) as an Updatable Object precisely so it can be easily bypassed in the HTTPS Inspection policy in R80.40 and above.

View solution in original post

3 Replies
Admin
Admin
Dropbox in particular uses Certificate Pinning, which makes HTTPS Inspection on this traffic impossible as the application will never trust our certificate.
We have Dropbox (and several other apps) as an Updatable Object precisely so it can be easily bypassed in the HTTPS Inspection policy in R80.40 and above.

View solution in original post

Contributor

Thank you for the response. We are still on 80.30, but if 80.40 allows updateable objects in the https inspection policy we may need to look at it more closely. 

Thanks again!

terri

0 Kudos
Reply
Admin
Admin

With certificate pinning, you cannot implement "man in the middle", so no inspection. You can either bypass or disallow access. 

0 Kudos
Reply