CheckMates GO
Episode #04
CheckMates Nuggets
AI & Machine Learning
CheckMates GO
Episode #03
The NEW
CheckMates is here!
CPX 360
Content
Hi Guys,
I have a strange problem with https inspection. Something I am missing here and run out of options.
R80.10 with appl/urlf/https inspection turned on. Enhanced ssl inspection is on.
cat $FWDIR/boot/modules/fwkern.conf
enhanced_ssl_inspection=1
https inspection policy:
my computer -> internal networks; any category; action: bypass
my computer -> internet; specific URLs; action bypass
my computer -> internet; any category; action: inspect
First problem - there are no inspect logs. Only bypass for first https inspection rule.
Because it is not inspected, in appl/urlf policy my traffic avoiding first rules and hitting last one - any -> internet; action allow.
wstlsd.elg file contains only:
[26 Nov 8:39:04] wstlsd_init: Instance #0 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #2 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #4 of Daemon initiated successfully
Any ideas?
Hello. Please check your network topology. You must be sure that you have an 'external' interface.
Hi,
thank you for suggestion! However I thought about this too, so I modified my https inspection policy to:
my computer -> internal networks; any category; action: bypass
my computer -> any; specific URLs; action bypass
my computer -> any; any category; action: inspect
Still no luck.
By the way in firewall topology I have external interface defined.
Yes, I mean the firewall network topology. I had the same isue two weeks ago. After many actions I have just reconfigured the topology (override - External -> Internet) and installed the policy. And it has started to work.
Hi Guys,
Just wanted to let you know that after removing identity awareness object from https inspection policy it started working... However I am still not happy how it works. I'll do some more testing
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY