cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

HTTPS Inspection problem about unspoorted SSL version

I ıse R80.10

I try to reach my customers' portal but I have some problem. According to the direction of customer, we enabled SSL V3 support on browser. But still I cant reach the web page.

The HTTPS INSPECTION blade gave me not a detail log.

The  log is:

Id: 0a2b010f-538f-8c08-5aea-c31a7bb10029
Marker: @A@@B@1525334268@C@807605
Log Server Origin: 10.43.1.15
Time: 2018-05-03T08:06:50Z
Id Generated By Indexer:false
First: true
Sequencenum: 161
HTTPS Validation: unsupported
Description: SSL version is not supported.
Source: 10.40.1.84
Source Port: 39143
Destination: 195.87.42.18
Destination Port: 443
IP Protocol: 6
Action: Reject
Type: Log
Policy Name: yasar_fw_policy_new
Policy Management: netmonitor
Db Tag: {8D72866A-E8F7-BA4F-B6DB-30A1CCD94FBC}
Policy Date: 2018-05-03T07:50:31Z
Blade: HTTPS Inspection
Origin: fwpinarbasi1
Service: TCP/443
Product Family: Network
Description: Rejected

Have you any idea to solve this issue or to give more detail about this ?

Tags (1)
6 Replies
Admin
Admin

Re: HTTPS Inspection problem about unspoorted SSL version

By default, we have disabled SSLv3 support in various parts of the product because it is not secure.

I'll have to check if it's possible to enable it for HTTPS Inspection,

0 Kudos

Re: HTTPS Inspection problem about unspoorted SSL version

Hı,

According to sk107744 , the problem was fixed in R80.10 and my version is R80.10. But that problem stil occurs. Are you still offer this SK?

Regards,

0 Kudos
Admin
Admin

Re: HTTPS Inspection problem about unspoorted SSL version

When I looked in R80.10, the ssl_min_ver was TLS 1.0.

That would suggest you still have to set the minimum SSL version to SSLv3.

0 Kudos

Re: HTTPS Inspection problem about unspoorted SSL version

Hi

Altough I set min ver:SSLv3 and install policy to all gateways nothing change excep there is no Reject log. Now there is no block, reject or prevent log but sitll I canot reach the sites via Checkpoint

Also debug log shows nothing :

fw ctl zdebug drop |grep <source IP>

 Is there anything to offer?

Regards,

0 Kudos
Admin
Admin

Re: HTTPS Inspection problem about unspoorted SSL version

I recommend engaging with the TAC to further troubleshoot this.

0 Kudos
Admin
Admin

Re: HTTPS Inspection problem about unspoorted SSL version

By default, SSLv3 support is disabled.

You can enable it by following the workaround in this SK, except you specify the ssl_min_ver as SSLv3: Unable to access some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" mechanism 

0 Kudos