Hello everyone.
We have issues some websites. Our perimeter FW is
R80.40, standalone
Blades FW, APPC, URLF, IPS, AV, AB, TE and IA. Besides HTTPS INSPECTION enabled.
In windows hosts:
ESET endpoint security with Filter SSL/TLS functionality enabled (same as https inspection).
Issues: some websites load first time in web browser (edge, firefox, chrome), but in second time don't load o take it long time (2-10minutes) to load. It's worth to mentioned if we delete cookies in web browser, trouble's websites load again without problems..only first time.
Workarounds:
Disable https inspection to such hosts (as source traffice) or to such websites (as destiny traffic)...or...
.... disable Eset Filter SSL/TLS on windows hosts, so it is no longer need to disable the FW HTTPS Inspection
Above means that both CP Https Inspection and ESET Filter SSL/TLS can't work at same time to such websites. Apparently cookies are tried or modified in some point in any way by unknown entity (for me), so ESET antivirus o CP FW refuse to allow traffic.
I did contact ESET support. Solution them bring me was bypass such websites in eset antivirus, but I don't like this solution because the number of websites is constantly growing, and over time I will end up with hundreds or thousands of bypassed websites, additional of security risks.
I did disable temporary threat prevention blades, so just enabled FW, APPC ad URLF, however problematic behavior persist.
Any suggestion before I contact checkpoint TAC support?
Thanks.