This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Saranya_0305
Collaborator
‎2025-07-09 12:06 AM

Unable to access Site(CPNotEnoughDataForRuleMatch)

Dear Team,

Management Server : R81.20 Take 99
FWs : R81.10 Take 172
Setup: Cluster

When I try to access the site https://ebiz.ril.com unable to access the site.

When I checked the logs, the logs showing "Reason: Connection terminated before the Security Gateways was able to make the decision: Insufficient data passed. To learn more see SK113479"

The below are the Matched Rules

Layer                                 Rule Name                                                 Action
Network-Comm               Implicit Cleanup                                       Accept
Network                            Rule Name(Matched)                               Accept
Application(shared)         CPNotEnoughDataForRuleMatch          Accept
Content(shared)               CPNotEnoughDataForRuleMatch          Accept

The web browser showing error

"Access to ebiz.ril.com was denied.
You don't have authorized for to view this page.
HTTP ERROR 403"

Later I added the rules at the top of both Application and Content Layers as "Action: Accept" to ebiz.ril.com.

After that we are still not able to access the site.

The below are the Matched Rules after adding rules.

Layer                                Rule Name                                               Action
Network-Comm              Implicit Cleanup                                     Accept
Network                           Rule Name(Matched)                             Accept
Application(shared)        CPNotEnoughDataForRuleMatch        Accept
Content(shared)              Rule Name(Matched)                             Accept

But this time browser is showing error

"This site can't provide a secure connection
ebiz.ril.com uses an unsupported protocol
ERR_SSL_VERSION_OR_CIPHER_MISMATCH"

I have enabled HTTPS Inspection, but there is no rule for this site.


Please find the attached screenshots for reference.

 

Regards,

Saranya

 

 

Preview file
47 KB
Preview file
57 KB
0 Kudos
4 Replies
Lesley
Authority Authority
Authority
‎2025-07-09 06:03 AM

Error means there was no data backup from the website to client.  (Unable to access Site(CPNotEnoughDataForRuleMatch)

So -> syn -> syn ack -> ack etc but no data that shows websites.

It get stuck because the client has not the same SSL ciphers as website.

If you run https://www.ssllabs.com/ssltest/analyze.html?d=ebiz.ril.com&hideResults=on

you can see website is outdated. No TLS 1.3 and mostly weak ciphers.

To prove this make wireshark capture on client and both website and client will share the SSL cipher suite list.

https://osqa-ask.wireshark.org/questions/62098/how-to-find-out-which-ssl-cipher-suite-is-being-used/

Note IF the firewall does HTTPS inspection it is the firewall that builds the connection to the website, not the client. Then it is a different story. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
PhoneBoy
Admin
Admin
‎2025-07-10 10:25 AM
In response to Lesley

More specifically @Saranya_0305, this error comes up when the client and server cannot agree on specific TLS ciphers.
Usually this is because the server does not support stronger ciphers than the client is configured to allow.

Unless this connection is subject to HTTPS Inspection, this is 100% not a firewall issue.

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2025-07-09 06:10 AM

Have you looked at

https://support.checkpoint.com/results/sk/sk113479

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events