This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Yasar_Holding
Participant
‎2018-05-03 01:48 AM

HTTPS Inspection problem about unspoorted SSL version

I ıse R80.10

I try to reach my customers' portal but I have some problem. According to the direction of customer, we enabled SSL V3 support on browser. But still I cant reach the web page.

The HTTPS INSPECTION blade gave me not a detail log.

The  log is:

Id: 0a2b010f-538f-8c08-5aea-c31a7bb10029
Marker: @A@@B@1525334268@C@807605
Log Server Origin: 10.43.1.15
Time: 2018-05-03T08:06:50Z
Id Generated By Indexer:false
First: true
Sequencenum: 161
HTTPS Validation: unsupported
Description: SSL version is not supported.
Source: 10.40.1.84
Source Port: 39143
Destination: 195.87.42.18
Destination Port: 443
IP Protocol: 6
Action: Reject
Type: Log
Policy Name: yasar_fw_policy_new
Policy Management: netmonitor
Db Tag: {8D72866A-E8F7-BA4F-B6DB-30A1CCD94FBC}
Policy Date: 2018-05-03T07:50:31Z
Blade: HTTPS Inspection
Origin: fwpinarbasi1
Service: TCP/443
Product Family: Network
Description: Rejected

Have you any idea to solve this issue or to give more detail about this ?

6 Replies
PhoneBoy
Admin
Admin
‎2018-05-03 07:18 AM

By default, we have disabled SSLv3 support in various parts of the product because it is not secure.

I'll have to check if it's possible to enable it for HTTPS Inspection,

0 Kudos
Yasar_Holding
Participant
‎2018-05-07 12:00 AM
In response to PhoneBoy

Hı,

According to sk107744 , the problem was fixed in R80.10 and my version is R80.10. But that problem stil occurs. Are you still offer this SK?

Regards,

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-07 06:57 AM
In response to Yasar_Holding

When I looked in R80.10, the ssl_min_ver was TLS 1.0.

That would suggest you still have to set the minimum SSL version to SSLv3.

0 Kudos
Yasar_Holding
Participant
‎2018-05-08 06:00 AM
In response to PhoneBoy

Hi

Altough I set min ver:SSLv3 and install policy to all gateways nothing change excep there is no Reject log. Now there is no block, reject or prevent log but sitll I canot reach the sites via Checkpoint

Also debug log shows nothing :

fw ctl zdebug drop |grep <source IP>

 Is there anything to offer?

Regards,

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-08 06:30 AM
In response to Yasar_Holding

I recommend engaging with the TAC to further troubleshoot this.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-03 05:27 PM

By default, SSLv3 support is disabled.

You can enable it by following the workaround in this SK, except you specify the ssl_min_ver as SSLv3: Unable to access some HTTPS sites after enabling HTTPS Inspection "Probe Bypass" mechanism 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events