This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Quilcaille_Nico
Explorer
‎2018-07-23 01:22 AM
Jump to solution

GotoAssist doesn't work when Inspection SSL is enable

Hello,

We have a problem to acces at the website GoToAssist

We have identified the problem. The problem appears when the SSL inspextion is enable and we had to applicate a bypass rule but it worked before.

We had see for example in fortinet KB activate a bypass rule, sonicwall change the Cipher Method from Default to AES256-SHA or AES128-SHA or 3DES-SHA or RC4-MD5 to resolve this problem.

Have you an idea ?

Best Regard's

0 Kudos
3 Solutions

Accepted Solutions
Norbert_Bohusch
Advisor
‎2018-07-23 04:51 AM
Jump to solution

I assume that GoToAssist is like GoToMeeting and this is mentioned here: Several HTTPS web sites and applications might not work properly when HTTPS Inspection is enabled on... 

View solution in original post

Michael_Gabriel
Explorer
‎2019-10-02 09:13 AM
In response to Gregory_Link
Jump to solution

Greg,

On the App/URL Filter tab, go to Applications/Sites --> New -->  Category.  Name it SSL_Bypass.

Same tab, go to Applications/Sites --> New --> Application/Site.  Name it GoToMeeting, click next.

On the next screen, add all of the URLs listed in the following support page: 

https://support.logmeininc.com/gotomeeting

Make sure you use wildcards where indicated.  On next screen give it a category of SSL_Bypass.

I did not find it necessary to whitelist any of the IPs or ports listed, just the URLs.

Create a rule under HTTPS Inspection policy.  Make sure there are NO inspection rules above this bypass rule (all of your bypass rules should be at the top of your policy)

"Some Name" | src:Any | dst:Internet | services: http/https | site category: SSL_Bypass | action: Bypass

 

 

 

View solution in original post

0 Kudos
_Val_
Admin
Admin
‎2019-10-02 11:15 PM
Jump to solution

It does not work because of certificate pinning.

 

Looks here and act accordingly: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

View solution in original post

0 Kudos
13 Replies
Norbert_Bohusch
Advisor
‎2018-07-23 04:51 AM
Jump to solution

I assume that GoToAssist is like GoToMeeting and this is mentioned here: Several HTTPS web sites and applications might not work properly when HTTPS Inspection is enabled on... 

Michael_Gabriel
Explorer
‎2019-05-03 09:47 AM
Jump to solution

The proposed solution in Sk112214 did not address the situation with GoToMeeting.  Has anyone come up with a work around apart from turning off HTTPS inspection?

0 Kudos
Gregory_Link
Contributor
‎2019-10-02 08:41 AM
In response to Michael_Gabriel
Jump to solution

I'm running into this issue to. Michael, did you have any luck?
0 Kudos
Danny
Champion Champion
Champion
‎2019-10-02 08:58 AM
In response to Gregory_Link
Jump to solution

Create an HTTPS inspection bypass, that should help.

0 Kudos
Gregory_Link
Contributor
‎2019-10-02 09:05 AM
In response to Danny
Jump to solution

While I see that as an option I'm trying to figure out if there is something else going on here. I was told that our apps team had no issues with GoToMeeting earlier in the week before I upgraded Checkpoint Management and Log Servers from R80.20 Take_87 -> Take_103. Would this possibly have had anything to do with it or just a coincidence?
0 Kudos
Danny
Champion Champion
Champion
‎2019-10-02 09:08 AM
In response to Gregory_Link
Jump to solution

You could easily go back to the older JHF take and test again to be sure.

0 Kudos
Gregory_Link
Contributor
‎2019-10-02 09:18 AM
In response to Danny
Jump to solution

Here is what I have in the log.
Date is Wed Jul 17 23:19:30 2019
HFA index is R80_20_JUMBO_HF
Path is /opt/CPsuite-R80.20/fw1/lib/
implied_rules.def was updated
te.def was updated
===========================================================
Date is Wed Jul 17 23:21:48 2019
HFA index is R80_20_JUMBO_HF
Path is /opt/CPR77CMP-R80.20/lib/

******* Warning : te.def had no signature file to compare to this will be considered as a match
vpn_table.def was updated
te.def was updated
===========================================================
Date is Mon Sep 30 12:27:04 2019
HFA index is R80_20_JUMBO_HF
Path is /opt/CPsuite-R80.20/fw1/lib/

******** implied_rules.def was changed by user, signature didn't match!
===========================================================
Date is Mon Sep 30 12:30:06 2019
HFA index is R80_20_JUMBO_HF
Path is /opt/CPR77CMP-R80.20/lib/
/opt/CPR77CMP-R80.20/lib//vpn_table.def wasn't backed up, the backup file already exists
/opt/CPR77CMP-R80.20/lib//te.def wasn't backed up, the backup file already exists
vpn_table.def was updated
te.def was updated
[Expert@GW-MGMT:0]#
0 Kudos
Gregory_Link
Contributor
‎2019-10-02 09:09 AM
In response to Gregory_Link
Jump to solution

I received this notification after the take upgrade, but didn't think anything of it.  I contacted Checkpoint Support and they didn't feel it was an issue.

 

• Additional Info:
fw1/bin/hook_fw1_wrapper_HOTFIX_R80_20_JUMBO_HF_MAIN: The updated inspect files were NOT installed due to signature mismatches or error. To process further please refer to sk116455.

0 Kudos
Gregory_Link
Contributor
‎2019-10-02 09:29 AM
In response to Gregory_Link
Jump to solution

Output of log below - Any concern here?
Date is Wed Jul 17 23:19:30 2019
HFA index is R80_20_JUMBO_HF
Path is /opt/CPsuite-R80.20/fw1/lib/
implied_rules.def was updated
te.def was updated
===========================================================
Date is Wed Jul 17 23:21:48 2019
HFA index is R80_20_JUMBO_HF
Path is /opt/CPR77CMP-R80.20/lib/

******* Warning : te.def had no signature file to compare to this will be considered as a match
vpn_table.def was updated
te.def was updated
===========================================================
Date is Mon Sep 30 12:27:04 2019
HFA index is R80_20_JUMBO_HF
Path is /opt/CPsuite-R80.20/fw1/lib/

******** implied_rules.def was changed by user, signature didn't match!
===========================================================
Date is Mon Sep 30 12:30:06 2019
HFA index is R80_20_JUMBO_HF
Path is /opt/CPR77CMP-R80.20/lib/
/opt/CPR77CMP-R80.20/lib//vpn_table.def wasn't backed up, the backup file already exists
/opt/CPR77CMP-R80.20/lib//te.def wasn't backed up, the backup file already exists
vpn_table.def was updated
te.def was updated
0 Kudos
Gregory_Link
Contributor
‎2019-10-02 10:13 AM
In response to Gregory_Link
Jump to solution

Additionally, here are the changes I saw on the files it said were not backed up.  Doesn't look like much of anything to me.

vpn_table.def comparevpn_table.def comparete.def comparete.def compare

0 Kudos
Michael_Gabriel
Explorer
‎2019-10-02 09:13 AM
In response to Gregory_Link
Jump to solution

Greg,

On the App/URL Filter tab, go to Applications/Sites --> New -->  Category.  Name it SSL_Bypass.

Same tab, go to Applications/Sites --> New --> Application/Site.  Name it GoToMeeting, click next.

On the next screen, add all of the URLs listed in the following support page: 

https://support.logmeininc.com/gotomeeting

Make sure you use wildcards where indicated.  On next screen give it a category of SSL_Bypass.

I did not find it necessary to whitelist any of the IPs or ports listed, just the URLs.

Create a rule under HTTPS Inspection policy.  Make sure there are NO inspection rules above this bypass rule (all of your bypass rules should be at the top of your policy)

"Some Name" | src:Any | dst:Internet | services: http/https | site category: SSL_Bypass | action: Bypass

 

 

 

0 Kudos
Gregory_Link
Contributor
‎2019-10-02 09:20 AM
In response to Michael_Gabriel
Jump to solution

Yeah, I gotcha.  We have some existing domain bypasses in by site already for other stuff.  Going to severely limit the source on these though as I don't need everyone bypassing these domains.

0 Kudos
_Val_
Admin
Admin
‎2019-10-02 11:15 PM
Jump to solution

It does not work because of certificate pinning.

 

Looks here and act accordingly: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events