This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Terri_Hawkins
Collaborator
‎2022-01-05 10:44 AM

HTTPS Inspection Error - service Timeout

I have a cluster of 15400 devices running on R80.40 with the FWMGR at R81.  Right now I am one patch behind on both, but they will be upgraded soon. 

We have HTTPS inspection enabled and all traffic was going thru (we have fail open) but found out that all of our traffic was also getting an "Internal System Error" and was not actually being inspected.  I have seen several posts on here about Error Code 2 and I see one or two of those, but that is not what we see. We are getting "Internal System Error in HTTPS Inspection due to categorization service timeout".  

I am guessing this is a new issue since SK176925 which I followed to increase some of the values in the rad.conf.c file was dated 12/13/21.  

I followed the instructions in the SK and see a dramatic drop in the errors but am still getting clumps of them.  For example we went from all traffic getting the error to now a few times a day I see it with about 40 - 50 log entries in less than a minute. Then it goes back to inspecting for an hour or so before I see another clump.

I am curious as to other people see this type of activity in their logs? I am not sure if this is normal and we are fixed now or if it is still broken and our tweak helped but did not fix the situation.

Also, I created a monitoring job off our network which monitors Checkpoints CWS and Updates pages and frequently get notifications that the sites are not available. I haven't seen a correlation between the times it is down and the clumps of errors we get, just throwing that out there for no good reason at all. 🙂

Any insight is appreciated.

 

 

6 Replies
Kaspars_Zibarts
Employee Employee
Employee
‎2022-01-05 11:41 AM

Checked ours that run HTTPS inspection, saw only handful occurrences on specific 3 dates. We're on R80.40 T120, so not the latest. Although smaller GWs (5900) and probably less traffic.

0 Kudos
Terri_Hawkins
Collaborator
‎2022-01-05 11:45 AM
In response to Kaspars_Zibarts

Thanks, that is helpful. Hopeful a few other people will answer too.  In case anyone does, you can see the errors either by going to the view for the https inspection blade or this is the query I use: 

blade:"HTTPS Inspection" and "internal system error"

 

0 Kudos
the_rock
Legend
Legend
‎2022-01-05 11:49 AM

I work with one customer often that actually has inspection enabled and we used to see that internal system error often, but funny enough, traffic WAS always getting inspected. We did not really know what to make of it, opened TAC case, never got a good explanation, then decided to install newer jumbo and has not seen it since. Luck? Maybe : - )

0 Kudos
Terri_Hawkins
Collaborator
‎2022-01-05 11:53 AM
In response to the_rock

We have R80.40 with take 125 installed, is that newer than yours? We are one take behind.

0 Kudos
the_rock
Legend
Legend
‎2022-01-05 11:54 AM
In response to Terri_Hawkins

Ours is on 120 currently.

0 Kudos
Terri_Hawkins
Collaborator
‎2022-01-05 12:09 PM
In response to the_rock

Thank you!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events