Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Oliver_222
Participant

problem with access to the site

Good afternoon

There is a problem with access to the site.
The site support said that there is no blocking of our external addresses.
We see duplicate logs: for some reason, in addition to user traffic, we see that there is traffic from the checkpoint itself to the site. That is, both users and checkpoint are accessing the resource.

Previously, we saw that traffic was coming only from user networks. But now we see in the logs connections from both user networks and CheckPoint's external address.

Can you tell me if this is normal? Also in the traffic dumps we see TCP Retransmission.

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee

I think we are missing several key bits of information to be able to help, for example:

Is HTTPS inspection used and which version/JHF is the gateway?

Are you able to share details of the problematic site, is it isolated to this site?

Is the traffic just NAT/d by the gateway or is it also acting as a proxy?

CCSM R77/R80/ELITE
0 Kudos
Oliver_222
Participant

Yes, HTTPS inspection is enabled. Earlier we saw logs about HTTPS inspection, but now we don't see them: we only see accept logs of users and the Security Gateway.
3000 Appliance R81.10 Take: 87

The site https://jazz.sber.ru , it is designed for video calls.

We use the automatic hide NAT rule for the user network object.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Some things to consider:

- Check Trusted CA list is up to date

- Is QUIC traffic handled in the environment 

- Upgrading Jumbo take

- Recent documented change in Chrome behavior

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin

As part of SNI verification (App Control with or without HTTPS Inspection, and with HTTPS Inspection), we initiate a connection from the gateway to verify the SAN of the target site.
That part is expected behavior.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events