Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Yasar_Holding
Participant

HTTPS Inspection problem about unspoorted SSL version

I ıse R80.10

I try to reach my customers' portal but I have some problem. According to the direction of customer, we enabled SSL V3 support on browser. But still I cant reach the web page.

The HTTPS INSPECTION blade gave me not a detail log.

The  log is:

Id: 0a2b010f-538f-8c08-5aea-c31a7bb10029
Marker: @A@@B@1525334268@C@807605
Log Server Origin: 10.43.1.15
Time: 2018-05-03T08:06:50Z
Id Generated By Indexer:false
First: true
Sequencenum: 161
HTTPS Validation: unsupported
Description: SSL version is not supported.
Source: 10.40.1.84
Source Port: 39143
Destination: 195.87.42.18
Destination Port: 443
IP Protocol: 6
Action: Reject
Type: Log
Policy Name: yasar_fw_policy_new
Policy Management: netmonitor
Db Tag: {8D72866A-E8F7-BA4F-B6DB-30A1CCD94FBC}
Policy Date: 2018-05-03T07:50:31Z
Blade: HTTPS Inspection
Origin: fwpinarbasi1
Service: TCP/443
Product Family: Network
Description: Rejected

Have you any idea to solve this issue or to give more detail about this ?

6 Replies
PhoneBoy
Admin
Admin

By default, we have disabled SSLv3 support in various parts of the product because it is not secure.

I'll have to check if it's possible to enable it for HTTPS Inspection,

0 Kudos
Yasar_Holding
Participant

Hı,

According to sk107744 , the problem was fixed in R80.10 and my version is R80.10. But that problem stil occurs. Are you still offer this SK?

Regards,

0 Kudos
PhoneBoy
Admin
Admin

When I looked in R80.10, the ssl_min_ver was TLS 1.0.

That would suggest you still have to set the minimum SSL version to SSLv3.

0 Kudos
Yasar_Holding
Participant

Hi

Altough I set min ver:SSLv3 and install policy to all gateways nothing change excep there is no Reject log. Now there is no block, reject or prevent log but sitll I canot reach the sites via Checkpoint

Also debug log shows nothing :

fw ctl zdebug drop |grep <source IP>

 Is there anything to offer?

Regards,

0 Kudos
PhoneBoy
Admin
Admin

I recommend engaging with the TAC to further troubleshoot this.

0 Kudos
PhoneBoy
Admin
Admin

By default, SSLv3 support is disabled.

You can enable it by following the workaround in this SK, except you specify the ssl_min_ver as SSLv3: Unable to access some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" mechanism 

0 Kudos