- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hello,
We have a problem to acces at the website GoToAssist
We have identified the problem. The problem appears when the SSL inspextion is enable and we had to applicate a bypass rule but it worked before.
We had see for example in fortinet KB activate a bypass rule, sonicwall change the Cipher Method from Default to AES256-SHA or AES128-SHA or 3DES-SHA or RC4-MD5 to resolve this problem.
Have you an idea ?
Best Regard's
I assume that GoToAssist is like GoToMeeting and this is mentioned here: Several HTTPS web sites and applications might not work properly when HTTPS Inspection is enabled on...
Greg,
On the App/URL Filter tab, go to Applications/Sites --> New --> Category. Name it SSL_Bypass.
Same tab, go to Applications/Sites --> New --> Application/Site. Name it GoToMeeting, click next.
On the next screen, add all of the URLs listed in the following support page:
https://support.logmeininc.com/gotomeeting
Make sure you use wildcards where indicated. On next screen give it a category of SSL_Bypass.
I did not find it necessary to whitelist any of the IPs or ports listed, just the URLs.
Create a rule under HTTPS Inspection policy. Make sure there are NO inspection rules above this bypass rule (all of your bypass rules should be at the top of your policy)
"Some Name" | src:Any | dst:Internet | services: http/https | site category: SSL_Bypass | action: Bypass
It does not work because of certificate pinning.
Looks here and act accordingly: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
I assume that GoToAssist is like GoToMeeting and this is mentioned here: Several HTTPS web sites and applications might not work properly when HTTPS Inspection is enabled on...
The proposed solution in Sk112214 did not address the situation with GoToMeeting. Has anyone come up with a work around apart from turning off HTTPS inspection?
Create an HTTPS inspection bypass, that should help.
You could easily go back to the older JHF take and test again to be sure.
I received this notification after the take upgrade, but didn't think anything of it. I contacted Checkpoint Support and they didn't feel it was an issue.
• Additional Info:
fw1/bin/hook_fw1_wrapper_HOTFIX_R80_20_JUMBO_HF_MAIN: The updated inspect files were NOT installed due to signature mismatches or error. To process further please refer to sk116455.
Additionally, here are the changes I saw on the files it said were not backed up. Doesn't look like much of anything to me.
vpn_table.def compare
te.def compare
Greg,
On the App/URL Filter tab, go to Applications/Sites --> New --> Category. Name it SSL_Bypass.
Same tab, go to Applications/Sites --> New --> Application/Site. Name it GoToMeeting, click next.
On the next screen, add all of the URLs listed in the following support page:
https://support.logmeininc.com/gotomeeting
Make sure you use wildcards where indicated. On next screen give it a category of SSL_Bypass.
I did not find it necessary to whitelist any of the IPs or ports listed, just the URLs.
Create a rule under HTTPS Inspection policy. Make sure there are NO inspection rules above this bypass rule (all of your bypass rules should be at the top of your policy)
"Some Name" | src:Any | dst:Internet | services: http/https | site category: SSL_Bypass | action: Bypass
Yeah, I gotcha. We have some existing domain bypasses in by site already for other stuff. Going to severely limit the source on these though as I don't need everyone bypassing these domains.
It does not work because of certificate pinning.
Looks here and act accordingly: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY