Hi Guys,
I have a strange problem with HTTPS inspection. I am missing something here and have run out of options.
R80.10 with appl/urlf/https inspection turned on. Enhanced ssl inspection is on.
cat $FWDIR/boot/modules/fwkern.conf
enhanced_ssl_inspection=1
https inspection policy:
my computer -> internal networks; any category; action: bypass
my computer -> internet; specific URLs; action bypass
my computer -> internet; any category; action: inspect
First problem - there are no inspect logs. Only bypass for the first HTTPS inspection rule.
Because it is not inspected, in the appl/urlf policy my traffic is avoiding the first rules and hitting the last one - any -> internet; action allow.
wstlsd.elg file contains only:
[26 Nov 8:39:04] wstlsd_init: Instance #0 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #2 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #4 of Daemon initiated successfully
Any ideas?
Hello. Please check your network topology. You must be sure that you have an 'external' interface.
Hi,
Thank you for the suggestion! However, I thought about this too, so I modified my HTTPS inspection policy to:
my computer -> internal networks; any category; action: bypass
my computer -> any; specific URLs; action bypass
my computer -> any; any category; action: inspect
Still no luck.
By the way, in the firewall topology I have an external interface defined.
Yes, I mean the firewall network topology. I had the same issue two weeks ago. After many actions, I just reconfigured the topology (override - External -> Internet) and installed the policy. And it started to work.
Hi Guys,
Just wanted to let you know that after removing the identity awareness object from the HTTPS inspection policy it started working... However, I am still not happy with how it works. I'll do some more testing.