This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BrunoCiongoli
Participant
‎2022-03-11 06:28 AM

Slow HTTPS sites download

Hello dears

I have a problem downloading some https sites

What happens is that first the site appears blocked as shown in the following image, but after a few seconds it loads without problems

 

We have a Cluster HA running R81

 

I would be very grateful for help in finding the reason.

 

Thank you in advance

Preview file
5 KB
0 Kudos
7 Replies
Chris_Atkinson
Employee
Employee
‎2022-03-11 06:40 AM

Please provide the following:

- JHF Take?

- HTTPS inspection enabled? Y/N

- If yes how is the HTTPS inspection rule base configured?

- Trusted CAs updated?

- Is fail-close used?

- Is hold mode used?

 

 

BrunoCiongoli
Participant
‎2022-03-11 07:35 AM
In response to Chris_Atkinson

Hi Chris, thanks for your response

-R81 take 44

-Yes

-Image

-No

-Yes

Preview file
7 KB
0 Kudos
Chris_Atkinson
Employee
Employee
‎2022-03-11 05:11 PM
In response to BrunoCiongoli

Unfortunately your attachments aren't working...

Note the latest GA JHF take includes the following fixes amongst others.

PRJ-31694,
PMTR-73790		 IPS Improved the handling of decoded HTTP/S traffic.
PRJ-29476,
PMTR-72234		 SSL Inspection In some scenarios, a memory leak may occur when creating ECDHE keys.
PRJ-30460,
PRHF-19516		 SSL Inspection In rare scenarios, HTTPS connections may hang indefinitely during the TLS handshake, causing timeout.
PRJ-30701,
PMTR-72756		 SSL Inspection,
VPN		 A memory leak in HTTPS Inspection and HTTPS portals may occur when using ECDHE ciphers.

 

An upcoming JHF Take will also include:

PRJ-30819,
PRHF-19417		 SecureXL In a rare scenario, after an upgrade, HTTPS traffic may be dropped.

 

You could try upgrading to the latest GA JHF or contact TAC to diagnose further.

BrunoCiongoli
Participant
‎2022-03-15 05:32 AM
In response to Chris_Atkinson

Hi Chris, I will try with the latest GA JHF, and check the behavior

 

Thank you

0 Kudos
the_rock
Champion
Champion
‎2022-03-11 11:37 AM

The first thing that came to my mind when I read your post was https inspection. Can you disable it and test to see if same issue happens?

Andy

0 Kudos
BrunoCiongoli
Participant
‎2022-03-15 05:34 AM
In response to the_rock

Hi Andy, thanks for your response

It is not possible because it is a critical service

0 Kudos
the_rock
Champion
Champion
‎2022-03-15 06:57 AM
In response to BrunoCiongoli

Not even in a short maintenance window? That would take literally 10 mins tops.

0 Kudos
Labels