This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Help
Highlighted
abihsot__
Copper
‎2018-11-26 12:56 AM

https inspection is not working

Hi Guys,

I have a strange problem with https inspection. Something I am missing here and run out of options.

R80.10 with appl/urlf/https inspection turned on. Enhanced ssl inspection is on.

cat $FWDIR/boot/modules/fwkern.conf
enhanced_ssl_inspection=1

https inspection policy:

my computer -> internal networks;      any category; action: bypass

my computer -> internet;                     specific URLs; action bypass

my computer -> internet;                     any category; action: inspect

First problem - there are no inspect logs. Only bypass for first https inspection rule.

Because it is not inspected, in appl/urlf policy my traffic avoiding first rules and hitting last one - any -> internet; action allow.

wstlsd.elg file contains only:

[26 Nov 8:39:04] wstlsd_init: Instance #0 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #2 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #4 of Daemon initiated successfully

Any ideas?

Reply
4 Replies
Highlighted
Evgeniy_Olkov
Copper
‎2018-11-26 02:30 AM

Re: https inspection is not working

Hello. Please check your network topology. You must be sure that you have an 'external' interface.

Reply
Highlighted
abihsot__
Copper
‎2018-11-26 03:38 AM

Re: https inspection is not working

Hi,

thank you for suggestion! However I thought about this too, so I modified my https inspection policy to:

my computer -> internal networks;      any category; action: bypass

my computer -> any;                           specific URLs; action bypass

my computer -> any;                           any category; action: inspect

Still no luck.

By the way in firewall topology I have external interface defined.

0 Kudos
Reply
Highlighted
Evgeniy_Olkov
Copper
‎2018-11-26 03:44 AM

Re: https inspection is not working

Yes, I mean the firewall network topology. I had the same isue two weeks ago. After many actions I have just reconfigured the topology (override - External -> Internet) and installed the policy. And it has started to work.

0 Kudos
Reply
Highlighted
abihsot__
Copper
‎2018-12-27 11:04 PM

Re: https inspection is not working

Hi Guys,

Just wanted to let you know that after removing identity awareness object from https inspection policy it started working... However I am still not happy how it works. I'll do some more testing

Reply