This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_M_Almas
Contributor
‎2018-03-28 03:32 AM

Bypass HTTPS Inspection for a custom URL

Hi all!

We're using HTTPS Inspection with a custom outbound certificate in a R80.10 cluster.

Some sites (e.g. https://www.forbes.com/) aren't doing very well with this setup.

To create a Bypass, I created a User Category and a Custom Application/Site using that User Category as Primary Category.

When I try to use this User Category in column Site Category in a Bypass rule on HTTPS Inspection, the policy installation fails with message:

   "HTTPS Inspection: rule 2. In 'Site Category' column,  applications or groups with applications are not supported."

Any ideas on how to create this kind of exception/bypass for HTTPS Inspection?

Thanks in advance!

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-03-28 04:42 AM

I would do this in https rulebase (R77.30 Dashboard opens nicely for that 😉 - just make sure that the traffic to bypass is NOT matched by https rules - then it is surely not inspected (and the cert not analyzed). Good help can be found in sk108202 Best Practices - HTTPS Inspection and maybe you need to use Probe Bypass from sk104717 HTTPS Inspection Enhancements in R77.30 and above.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Vladimir
Champion
Champion
‎2018-03-28 08:17 AM
In response to G_W_Albrecht

Gunther, can you please clarify what you mean by this: "just make sure that the traffic to bypass is NOT matched by https rules - then it is surely not inspected (and the cert not analyzed)"?

Are you implying that this rule:

Will prevent HTTPS inspection enforcement of any of these two rules:

According to my tests, this seem to work fine with exception of the above mentioned forbes.com.

That site does not work with or without probe bypass.

Thank you.

G_W_Albrecht
Legend Legend
Legend
‎2018-03-29 12:31 AM
In response to Vladimir

Sorry for the confusion - this should work fine indeed. The only reliable solution i know of is Dest IP 😞

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
David_M_Almas
Contributor
‎2018-03-29 03:38 AM

Answering my own question 🙂

We're bypassing certain Site Categories (e.g. Health and Finantial Services) so I just created a Override Categorization for the site www.forbes.com changing the Primary Category for "Finantial Services" (the name www.forbes.com is actually a CNAME for g2.shared.global.fastly.net. so I add to Override this one too).

We're considering to Bypass the Very Low Risk Site Category and add future exceptions to this category thus overriding HTTPS Inspection.

If someone knows about a better/more specific solution for adding exceptions of HTTPS Inspection please let me (us!) know.

Regards!

0 Kudos
kb1
Collaborator
‎2020-05-20 12:41 PM
In response to David_M_Almas

hi can you tell me what catgoreies you have bypassed for inspection apart from health and financial services?
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events