frenzetti
Explorer

Avoid tracking connection but still log sk113479

Hi,

We need to allow users to reach a certain site but avoid tracking the connection.
We created a rule setting logging to "none", but the console displays the error "Connection terminated before the Security Gateway was able to make a decision: Insufficient data passed. To learn more see sk113479."

The connection starts in HTTP and then switches to HTTPS. Only HTTP traffic (with the error) is logged. HTTPS is correctly not tracked.

Has anyone found themselves in the same situation and managed to resolve it?

Release is 81.10, blades are firewall and application control.

Thx for your support

F

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

If the rule that is matched in the other layer is set to log, the connection will be logged.
This is expected behavior.
If this isn't the case, I recommend a TAC case: https://help.checkpoint.com 


0 Kudos
10 Replies
PhoneBoy
Admin

What does the rule that permits the traffic look like?
Unless it contains http explicitly (the service), this is expected behavior.
To resolve the issue, add http to the Services for the relevant rule (or create a new one).

0 Kudos
frenzetti
Explorer

Hi @PhoneBoy, thx for your response.

Rule number 1 (above all) looks like this:

Source = Any
Destination = IP Address Object
Services = http,https
Log = None
Install On = Target Cluster

Still logging

0 Kudos
PhoneBoy
Admin

Can you provide a full log card (with sensitive details redacted)?
I suspect this may be a bug of some sort and will require TAC to assist: https://help.checkpoint.com 

0 Kudos
frenzetti
Explorer

Hi @Daphne_Reese, what exactly is needed (when you say 'full log card')?

0 Kudos
PhoneBoy
Admin

When you double-click on an individual log entry, you will see a screen pop up with more details; this is the log card.

0 Kudos
frenzetti
Explorer

Hi, today we split the rule.

Rule 1 for service HTTP, Drop, No-Log

Rule 2 switched Services to ANY, Accept, No-Log (Any protocol: ping, https, ntp, etc)

Rule number 1 is matched and no log is present for HTTP - that's OK.

For HTTPS, as you can see, the matched rule is exactly number 2 but it is still logging.

Log.png

0 Kudos
PhoneBoy
Admin

What is the precise destination here?
Is it the gateway or something else?
What about using the explicit https service in Rule 2?
Are there other ordered Access Policy layers in use or just the one?

0 Kudos
frenzetti
Explorer

What is the precise destination here? Destination is an IP Address (in rule we put IP Address Object)
Is it the gateway or something else? External WebSite
What about using the explicit https service in Rule 2? Tried without success
Are there other ordered Access Policy layers in use or just the one? URL/App filtering with allow policy but no log about AppControl blade

0 Kudos
PhoneBoy
Admin

If the rule that is matched in the other layer is set to log, the connection will be logged.
This is expected behavior.
If this isn't the case, I recommend a TAC case: https://help.checkpoint.com 

0 Kudos
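
A simplified model of the behaviour described in the answer above, added here as an illustration; it is not code from the thread or from Check Point. It assumes first-match evaluation per ordered layer and an implicit drop when nothing matches; the destination address and the Application layer rule are constructed, since the thread does not show them.

```python
from dataclasses import dataclass

ANY = "Any"

@dataclass
class Rule:
    number: int
    destination: str   # IP address or ANY
    services: tuple    # service names, or (ANY,)
    action: str        # "Accept" or "Drop"
    track: str         # "Log" or "None"

    def matches(self, dst, service):
        return (self.destination in (ANY, dst)
                and (ANY in self.services or service in self.services))

def evaluate(layers, dst, service):
    """Return (action, matched_rules, log_sources) for one connection."""
    matched, log_sources = [], []
    for name, rules in layers:          # ordered layers, first match wins in each
        rule = next((r for r in rules if r.matches(dst, service)), None)
        if rule is None:                # assumption: implicit cleanup drop, untracked
            return "Drop", matched, log_sources
        matched.append((name, rule.number))
        if rule.track != "None":        # any matched rule set to log produces a log
            log_sources.append((name, rule.number))
        if rule.action == "Drop":       # later layers are not consulted after a drop
            return "Drop", matched, log_sources
    return "Accept", matched, log_sources

SITE = "203.0.113.10"                   # constructed documentation address
NETWORK = [Rule(1, SITE, ("http",), "Drop", "None"),
           Rule(2, SITE, (ANY,), "Accept", "None")]
# Assumed Application layer rule; the thread only says it is an allow policy.
APP_LOGGING = [Rule(1, ANY, (ANY,), "Accept", "Log")]
APP_SILENT = [Rule(1, ANY, (ANY,), "Accept", "None")]

def policy(app_rules):
    return [("Network", NETWORK), ("Application", app_rules)]

if __name__ == "__main__":
    for label, app in (("app layer logs", APP_LOGGING), ("app layer silent", APP_SILENT)):
        for svc in ("http", "https"):
            print(label, svc, evaluate(policy(app), SITE, svc))
```

The `log_sources` value names the layer and rule responsible for a log entry, which is the same information to look for under the matched rules of each layer in the log card.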
frenzetti
Explorer

Hi @PhoneBoy, we will set no-log on all layers and try again.

Otherwise we will open the TAC case.

Thx

F

0 Kudos
