cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Sukru_isik
Nickel

Https inspection Validation error

Hello  ,

I have checkpoint with version R80.20.

I have enabled https inspection and using Sophos endpoint agent.

Agents are managed on cloud side. When we want to install agent , we are taking a log like below and  we couldnt install it. 

I have written exception url like "*.sophos.com" on inspection rules, but it is not working.

(When I disable https inspection completely, the agents are installed succesfully.)

How can I solve this problem?

10 Replies
Alex_Weldon
Nickel

Re: Https inspection Validation error

It looks like you already have the Sophos IP addresses defined - Try creating an HTTPS bypass using the Objects representing the Sophos IP range rather than the regex bypass.

0 Kudos
Highlighted
Sukru_isik
Nickel

Re: Https inspection Validation error

I dont know IP adresses. The application is on amazon public cloud. And IP adresses are always changing so I have to write url exception.

0 Kudos
Alex_Weldon
Nickel

Re: Https inspection Validation error

What are your options set to under HTTPS Validation? 

0 Kudos
Sukru_isik
Nickel

Re: Https inspection Validation error

the configuration is below:

0 Kudos
Admin
Admin

Re: Https inspection Validation error

The error message is pretty clear: whatever is signing the certificate is not a trusted CA.

The Security Gateway maintains a certificate store of CAs.

Whatever CA signed the site certificate, it needs to be added here:

Sukru_isik
Nickel

Re: Https inspection Validation error

I import certificate manually(exported it to *.cer file from browser).

And then try again but I am taking same error.

0 Kudos
Admin
Admin

Re: Https inspection  Validation error

That's a different error from the above.

In any case I recommend opening a TAC case so we can troubleshoot what's happening.

0 Kudos

Re: Https inspection Validation error

I had this issue and noticed there was a root CA update waiting to be applied. After applying the update all was good:

Ref: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
RickHoppe
Silver

Re: Https inspection Validation error

In cases like this I always check SSL Labs to see what they have to say: https://www.ssllabs.com/ssltest/analyze.html?d=mcs%2dcloudstation%2dus%2deast%2d2.prod.hydra.sophos....

My advise would be to also contact your support contacts at Sophos as there is clearly a trust issue with this certificate.

My blog: https://checkpoint.engineer
0 Kudos
McGlio
New Member!

Re: Https inspection Validation error

I've found a workaround for those who use Sophos like antivirus.
You will not find on the internet the CA used from Sophos for Antivirus update/installation, but if you install a client using an outside connection on your Windows computer, for example doing hotspot with your mobile, you could find the .crt file of the root CA used in the path C:\Program Files (x86)\Sophos\CloudInstaller\Management Certs

 

0 Kudos