This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
abihsot__
Advisor
‎2018-11-26 12:56 AM

https inspection is not working

Hi Guys,

I have a strange problem with https inspection. Something I am missing here and run out of options.

R80.10 with appl/urlf/https inspection turned on. Enhanced ssl inspection is on.

cat $FWDIR/boot/modules/fwkern.conf
enhanced_ssl_inspection=1

https inspection policy:

my computer -> internal networks;      any category; action: bypass

my computer -> internet;                     specific URLs; action bypass

my computer -> internet;                     any category; action: inspect

First problem - there are no inspect logs. Only bypass for first https inspection rule.

Because it is not inspected, in appl/urlf policy my traffic avoiding first rules and hitting last one - any -> internet; action allow.

wstlsd.elg file contains only:

[26 Nov 8:39:04] wstlsd_init: Instance #0 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #2 of Daemon initiated successfully
[26 Nov 8:39:04] wstlsd_init: Instance #4 of Daemon initiated successfully

Any ideas?

4 Replies
Evgeniy_Olkov
Collaborator
‎2018-11-26 02:30 AM

Hello. Please check your network topology. You must be sure that you have an 'external' interface.

abihsot__
Advisor
‎2018-11-26 03:38 AM

Hi,

thank you for suggestion! However I thought about this too, so I modified my https inspection policy to:

my computer -> internal networks;      any category; action: bypass

my computer -> any;                           specific URLs; action bypass

my computer -> any;                           any category; action: inspect

Still no luck.

By the way in firewall topology I have external interface defined.

0 Kudos
Evgeniy_Olkov
Collaborator
‎2018-11-26 03:44 AM
In response to abihsot__

Yes, I mean the firewall network topology. I had the same isue two weeks ago. After many actions I have just reconfigured the topology (override - External -> Internet) and installed the policy. And it has started to work.

0 Kudos
abihsot__
Advisor
‎2018-12-27 11:04 PM

Hi Guys,

Just wanted to let you know that after removing identity awareness object from https inspection policy it started working... However I am still not happy how it works. I'll do some more testing

Labels