Funny - I've been looking at HTTPS inspection recently and wanted exactly the same thing, i.e. hit count on outbound HTTPS policy.
Now - this may not be specific to this thread, but the fact that you need a SubCA certificate to do HTTPS inspection was also a challenge if I wanted this signed by the client's PrivateCA; basically there is no way they would do that.
I have however created a PrivateCA certificate using OpenSSL (in this way I can add more values to it), and then created a Server Certificate from this with SANs. This is then used for UserCheck.
In this way only the PrivateCA's public cert needs to be imported into the end users' devices.
Happy to share the commands used for OpenSSL with the exact parameters that worked for me (clearly changing the values, though).
When testing, the only issue I've seen, which is odd, was with cnn.com (have a TAC case open for this).
My HTTPS inspection policy also has all the updatable objects with 'bypass' in them, as well for Bypass. The SK related to this needs to be updated with these additional values as it's not been updated since around 2022 (send feedback on this to Check Point, via the SK).
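The private CA plus SAN-bearing server certificate approach described in the post above, sketched as an added example; these are not the poster's own commands. The organisation name, CA name, `usercheck.example.internal` and `192.0.2.10` are constructed placeholders, and the key sizes and lifetimes are assumptions.

```shell
# Added example: private root CA plus a server certificate with SANs.
# Every name and address below is a constructed placeholder.
set -eu

WORK="$(mktemp -d)"

make_private_ca() {
  # Self-signed root; pathlen:0 limits it to issuing end-entity certificates.
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Org
CN = Example Private CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
EOF
  openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 1825 \
    -config "$WORK/ca.cnf" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

make_server_cert() {
  # $1 = portal FQDN, $2 = portal IP; both are written into subjectAltName.
  cat > "$WORK/srv.ext" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$1, IP:$2
EOF
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/O=Example Org/CN=$1" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$WORK/srv.ext" \
    -out "$WORK/srv.crt" 2>/dev/null
}

verify_server_cert() {
  # The chain must validate against the private CA alone, and $1 must match a SAN.
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/srv.crt" >/dev/null &&
    openssl x509 -in "$WORK/srv.crt" -noout -checkhost "$1" | grep -q "does match"
}

make_private_ca
make_server_cert usercheck.example.internal 192.0.2.10
verify_server_cert usercheck.example.internal && echo "chain and SAN OK"
```

Only `ca.crt` is distributed to endpoint trust stores; `ca.key` stays on the issuing host, since anyone holding it can mint certificates those endpoints will trust.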