This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
abihsot__
Advisor
‎2018-11-26 12:56 AM

https inspection is not working

Hi Guys,

I have a strange problem with https inspection. Something I am missing here and run out of options.

R80.10 with appl/urlf/https inspection turned on. Enhanced ssl inspection is on.

cat $FWDIR/boot/modules/fwkern.conf
enhanced_ssl_inspection=1

https inspection policy:

my computer -> internal networks;      any category; action: bypass

my computer -> internet;                     specific URLs; action bypass

my computer -> internet;                     any category; action: inspect

First problem - there are no inspect logs. Only bypass for first https inspection rule.

Because it is not inspected, in appl/urlf policy my traffic avoiding first rules and hitting last one - any -> internet; action allow.

wstlsd.elg file contains only:

[26 Nov 8:39:04] wstlsd_init: Instance #0 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #2 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #4 of Daemon initiated successfully

Any ideas?

4 Replies
Evgeniy_Olkov
Collaborator
Collaborator
‎2018-11-26 02:30 AM

Hello. Please check your network topology. You must be sure that you have an 'external' interface.

abihsot__
Advisor
‎2018-11-26 03:38 AM

Hi,

thank you for suggestion! However I thought about this too, so I modified my https inspection policy to:

my computer -> internal networks;      any category; action: bypass

my computer -> any;                           specific URLs; action bypass

my computer -> any;                           any category; action: inspect

Still no luck.

By the way in firewall topology I have external interface defined.

0 Kudos
Evgeniy_Olkov
Collaborator
Collaborator
‎2018-11-26 03:44 AM
In response to abihsot__

Yes, I mean the firewall network topology. I had the same isue two weeks ago. After many actions I have just reconfigured the topology (override - External -> Internet) and installed the policy. And it has started to work.

0 Kudos
abihsot__
Advisor
‎2018-12-27 11:04 PM

Hi Guys,

Just wanted to let you know that after removing identity awareness object from https inspection policy it started working... However I am still not happy how it works. I'll do some more testing

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top