This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
John_Colfer
Contributor
‎2018-11-14 07:46 AM

User check Page not displaying for https sites

Jump to solution

Hi Community

Have a strange one for a customer. 

They use URL filtering/Application control. Its working as expected and blocking what it should. When you go to http sites that should be blocked you get this 

But when you go to its https equivalent you get this:

You can see in the logs that everything is working ok:

Its just the Blocked page doesnt display. Has anybody seen this before?

Fairly simple config (I replicated issue on test environment). Its 77.30 Gaia HFA 302.

Thanks in advance and let me know if more info is required.

Thanks

John

Reply
1 Solution

Accepted Solutions
Evgeniy_Olkov
Collaborator
‎2018-11-14 10:00 AM

Jump to solution

Hi. You need to enable https inspection.

View solution in original post

Reply
6 Replies
Evgeniy_Olkov
Collaborator
‎2018-11-14 10:00 AM

Jump to solution

Hi. You need to enable https inspection.

View solution in original post

Reply
John_Colfer
Contributor
‎2018-11-15 02:28 AM

Jump to solution

Thanks Evgeniy

We'd prefer not inspect all https connections as this has compliance issues.

Is there another way at all?

Thanks again

John

0 Kudos
Reply
Evgeniy_Olkov
Collaborator
‎2018-11-15 02:34 AM
In response to John_Colfer

Jump to solution

There is no other way, as far as I know.

0 Kudos
Reply
Juan_Concepcion
Advisor
‎2018-11-15 11:12 AM
In response to John_Colfer

Jump to solution

Without https inspection you cannot inject yourself in the stream to present the user check page, at most you can block the site based off of certificate classification but that is the extent of it.

0 Kudos
Reply
Bryan_Bailey
Explorer
‎2018-11-16 07:13 AM
In response to John_Colfer

Jump to solution

I just went through this. Enabling HTTPS inspection that is in R80.10 I found that we had to generate a third part cert, enable the VPN blade, recreate the internal ca cert, import the third party cert and it finally worked. This is / was not documented anywhere. It took me about a week and 4 different TAC calls. To your question. after you get https inspection working, https inspection policy you can create bypass rules for appropriate compliance related matters. I have not created any such rules but the last engineer I spoke with was very helpful in explaining the exact situation you are describing.  Hope this helps. 

Reply
John_Colfer
Contributor
‎2018-11-16 12:38 AM

Jump to solution

Understood. Thanks lads.

0 Kudos
Reply