Sukru_isik
Nickel

Https inspection Validation error

Hello,

I have Check Point version R80.20.

I have enabled HTTPS inspection and am using the Sophos endpoint agent.

Agents are managed on the cloud side. When we want to install the agent, we get a log like the one below and we couldn't install it.

I have written an exception URL like "*.sophos.com" in the inspection rules, but it is not working.

(When I disable HTTPS inspection completely, the agents are installed successfully.)

How can I solve this problem?

8 Replies
Alex_Weldon
Nickel

Re: Https inspection Validation error

It looks like you already have the Sophos IP addresses defined - Try creating an HTTPS bypass using the Objects representing the Sophos IP range rather than the regex bypass.

0 Kudos
Sukru_isik
Nickel

Re: Https inspection Validation error

I don't know the IP addresses. The application is on the Amazon public cloud, and the IP addresses are always changing, so I have to write a URL exception.

0 Kudos
Alex_Weldon
Nickel

Re: Https inspection Validation error

What are your options set to under HTTPS Validation? 

0 Kudos
Sukru_isik
Nickel

Re: Https inspection Validation error

The configuration is below:

0 Kudos
Admin
Admin

Re: Https inspection Validation error

The error message is pretty clear: whatever is signing the certificate is not a trusted CA.

The Security Gateway maintains a certificate store of CAs.

Whatever CA signed the site certificate, it needs to be added here:

0 Kudos
Sukru_isik
Nickel

Re: Https inspection Validation error

I imported the certificate manually (exported it to a *.cer file from the browser).

Then I tried again, but I am getting the same error.

0 Kudos
Admin
Admin

Re: Https inspection Validation error

That's a different error from the above.

In any case I recommend opening a TAC case so we can troubleshoot what's happening.

0 Kudos
RickHoppe
Silver

Re: Https inspection Validation error

In cases like this I always check SSL Labs to see what they have to say: https://www.ssllabs.com/ssltest/analyze.html?d=mcs%2dcloudstation%2dus%2deast%2d2.prod.hydra.sophos....

My advice would be to also contact your support contacts at Sophos as there is clearly a trust issue with this certificate.

Blog: https://checkpoint.engineer
0 Kudos