Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dan_Roddy
Collaborator

Users reported web traffic stopped working

Found a block action reason:  Blocking request as configured in engine settings of Application Control...

Precise Error: Internal system error in HTTPS Inspection due to categorization service timeout...

So I went to Blades/Application Control & URL Filtering Settings/General and changed Fail mode to 'allow all requests (fail-open) and installed policy.

Problem solved, any input on what's happening?

11 Replies
PhoneBoy
Admin
Admin

There's a few different possibilities on this.

The TAC can assist you with troubleshooting the exact cause.

0 Kudos
Dan_Roddy
Collaborator

I'll give you 100 points for the 'few different possibilities'.

0 Kudos
PhoneBoy
Admin
Admin

As admin, I can give myself all the points I want Smiley Happy

Unfortunately the information is in an internal SK.

And now that I read it more closely, it says "gather the following debugs" and doesn't provide much of an explanation.

Dan_Roddy
Collaborator

I'm chatting with TAC and they are struggling...can you give me the sk# please?

0 Kudos
PhoneBoy
Admin
Admin

I searched SK for the error message you provided, which brought up sk118440.

My guess is they will have to get R&D involved.

Dan_Roddy
Collaborator

With Access Mode set to Allow, I am seeing a very small number of Alerts on this today.  Does anyone know how SSL inspection reacts to a SSLv3 connection?  I know they should not exist but just asking the question, maybe a client is doing this.

Thanks..

0 Kudos
PhoneBoy
Admin
Admin

I believe, by default, this is allowed.

You can prevent that as described here: Check Point response to the POODLE Bites vulnerability (CVE-2014-3566) 

0 Kudos
Tim_McColgan
Contributor

I am experiencing this issue today. The only changes we made in the FW cluster was to enable enhanced SSL inspection. For some reason two banking related sites were not working until we configured enhanced SSL inspection. The day after we did these we started seeing many alerts for the Rad service not responding and that categorization was timing out for application control. However, TAC said enabling enhanced SSL inspection did not cause this. Plus we tested by turning it off. I am not sure why this is suddenly happening, but in the interim, I had to do the same which was setting the fail mode for application control to Fail-Open. I've scheduled an advanced debug with TAC to figure this out. Very strange. Anyone have any new or updated info on this? 

Calling Aaron Vivadelli‌ !!

0 Kudos
Ted_Serreyn
Collaborator

Just hit this today for a brand new https inspection turnup on newly upgrade R80.30 cluster.  Opened TAC case, grabbed debugs.  We'll see what the issue is.

 

 

0 Kudos
Jacinto_Rodrigu
Participant

I'm having the same issue with URL filtering and SSL inspection R80.30, brand new turn up.

Any clues yet?

0 Kudos
Ted_Serreyn
Collaborator

Ok, our issue ended up being an issue with the gateway and outbound traffic.  Make sure the gateway can get outbound to do http/https requests.  It needs to do this for categorization.

 

Once we fixed this, we were quickly online and https inspecting for a few test workstations.

 

Interesting enough, once we turned it on for the testing hosts, we also some issues with other hosts that we also had to put an override in place for.  This traffic went over a VPN and was NOT internet bound so did not match the policy for bypass.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events