Re: HTTPS Inspection Not Working

DarrenR · ‎2020-06-19

Hello,

I recently stood up a standalone R80.40 gateway in a lab environment to perform some testing for policy changes to support Office 365. I'm working through a scenario with a customer who has HTTPS inspection enabled globally, but I'm unable to get inspection working on my lab gateway. I've enabled HTTPS Inspection on the Gateway, have verified the HTTPS Inspection Policy is what I want, and have adjusted the Topology so respective interfaces are configured appropriately.

There's not much to configure here, so I'm beating my head against a wall trying to figure out why this appliance isn't inspecting outbound HTTPS traffic. Any help would be appreciated!

PhoneBoy · ‎2020-06-19

Screenshots of exactly what you've configured, what logs are getting generated with the relevant traffic would help.
Feel free to redact sensitive details.

DarrenR · ‎2020-06-19

Here are a few screenshots of the configuration and I've followed the guide here when putting this in place.

PhoneBoy · ‎2020-06-20

Your HTTPS Inspect rulebase should be more specific.
Specifically, the source should be the specific subnets from which you have traffic HTTPS inspected, not something general like any.
The destination of this rule can be any, not sure it works with the "All_Internet" object.
Second, for performance reasons, your last rule should always be any any bypass.

HeikoAnkenbrand · ‎2020-06-21

Hi @DarrenR

A few more tips:
1) Did you import the outbound certificate correctly in the browser?
2) Are there log entries for https inspection? If so, please take a picture.
3) Is the https interception enabled in the protocol tab?

4) Set "Internet" instead of "all internet" in the destination:

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

DarrenR · ‎2020-06-21

Boom! I missed the enabling the protocol signature. Thanks!

Tomer_Noy · ‎2021-08-09

Are you referring to the protocol setting in the Threat Prevention Profile editor?
Trying to extrapolate from the small screenshot, it looks like the setting that exists for the various Threat Prevention engines.

Indeed, it's possible to specify which protocols will be included in the scanning, but the default value for these profiles is to be "On" for HTTP/HTTPS. Most customers should not encounter this issue or have to touch this setting for HTTPS inspection to work.

Did you deactivate this in the past for your environment?
I'd like to better understand this case to make sure more customers don't encounter it.

Thanks!

Cmc · ‎2020-12-07

Can you tell me where the config is in your step 3 ? Because i couldn't find it. Thank you.

archie · ‎2021-01-15

Can somebody tell me, where can I find the protocol tab and setup the protocol signature feature? Is this a must config to work with HTTPS Inspection?

So without this feature the inspection not working? Thanks!

iko · ‎2021-08-07

can't find it either. does it still exist in R81?

chethan_m · ‎2023-12-13

Where do you find that "Protocol" option with the checkbox for "Web (HTTP/HTTPS)"?

the_rock · ‎2023-12-13

chethan_m · ‎2023-12-14

Thank you. This I knew for Threat Prevention. I was wondering if there was another similar configuration available under HTTPS shared policies > inspection settings.

the_rock · ‎2023-12-14

Only one I know is this

Andy

Are you a member of CheckMates?

HTTPS Inspection Not Working