This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gerard2012
Explorer
‎2021-09-30 06:45 AM
Jump to solution

HTTPS Inspection Rule Not Being Matched

Hello all

 

In tried search forum for answer to this but nothing I've seen seems to work for me.

I'm have been tasked to enabled URL filtering to restrict access to internally hosted web apps.

I have enabled HTTPS inspection and have successfully blocked access to external HTTPS sites as a test, but for some reason the URL for this internal app is not matched in the inspection rules.

 

In this instance the CP software is R80.10.

 

The URL in question is:

https://ukst-webapp-utils-dev009.ase-dev.ourdomain.com/clientapp

 

I've tried every iteration of this in the Custom Application object...

"ukst-webapp-utils-dev009.ase-dev.ourdomain.com/clientapp"

"ukst-webapp-utils-dev009.ase-dev.ourdomain.com"

"ase-dev.ourdomain.com"

As regex...

".*\.ase-dev\.ourdomain\.com\/clientapp"

 

It just will not hit the inspection rule.

 

The server presents a wildcard cert for "*.ase-dev.ourdomain.com", is that significant?

It only works when I set the rule site category to "any", and then traffic seems to be classified as "Business / Economy".

Any advise would be greatly appreciated.

 

Thanks.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-09-30 06:50 AM
Jump to solution

In R80.10, we match only based on the DN of the certificate.
Later versions support SNI (possibly requiring a JHF).
In any case, R80.10 is nearly End of Support and recommend upgrading.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-09-30 06:50 AM
Jump to solution

In R80.10, we match only based on the DN of the certificate.
Later versions support SNI (possibly requiring a JHF).
In any case, R80.10 is nearly End of Support and recommend upgrading.

0 Kudos
Gerard2012
Explorer
‎2021-09-30 08:06 AM
In response to PhoneBoy
Jump to solution

Thanks for responding so quickly PhoneBoy.

Yes, noted this needs to be upgraded, but to clarify, is it at all possible to match an inspection rule for a wildcard cert? If the the Custom Application object were just ...

".*\.ase-dev\.ourdomain\.com\"

for example?

 

0 Kudos
Gerard2012
Explorer
‎2021-09-30 08:11 AM
In response to Gerard2012
Jump to solution

Just answered my own question.

Changed the URL in the object to "ase-dev.ourdomain.com" (not regex) and inspection works.

But will need upgrade to meet the requirements....

Thanks PhoneBoy.

0 Kudos
the_rock
Legend
Legend
‎2021-09-30 09:11 AM
In response to Gerard2012
Jump to solution

I was just about to reply and suggest what you put in there. I ALWAYS use that method for allowing./blocking...*domain* and works fine : )

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events