Netadmin2020
Contributor

Https Inspection enabled and no webpage is opening (80.30)

Dear colleagues, hi,

I am facing a strange situation. I cannot log in to any site. As you can see from the pictures below, the destination is not blocked, just inspected. This happens with every site I am trying to browse. Please assist! Thank you.

tempsnip.jpg

https inspection 1.JPG

9 Replies
HeikoAnkenbrand
Champion

You need to install the root certificate from SMS (SmartConsole) in the browser.

> Gateway & Service > [Gateway] > HTTPS Inspection

320FE9FC-BB1D-407B-B453-5B497F398B54.jpeg

Now download the root certificate.

Read more here: Performance Tuning Tip - SNI vs. https inspection

 

Netadmin2020
Contributor

Firstly, I want to thank you for your clear answer! This is not the issue, because the certificate is already implemented on all workstations via group policy. Secondly, I made a test: I created an HTTPS bypass rule to a specific destination and the result was the same. Check the image below: I can see the Microsoft Bing search, and Microsoft Bing itself is "secured", but I can't log in to any sites.

 

Vincent_Bacher
Advisor

It would be interesting to know whether the provided certificate is really from your appliance or from the original web server.

and now to something completely different
PhoneBoy
Admin

What precisely is your HTTPS Inspection policy?
The behavior you’re seeing suggests that the Check Point gateway and the sites you’re connecting to can’t agree on ciphers.
There should be some message in the logs explaining what’s happening.
For the sites you are able to connect to, did you validate the TLS certificate to see who signed it?
Probably a good idea to open a TAC case here also.

Reply
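One way to answer the "who signed it?" question above from a client, as an added example that is not part of the original thread or any Check Point tooling: it classifies a presented certificate by its issuer and separates trust failures from handshake failures. `INSPECTION_CA_CN` and the host list are placeholders, and matching on issuer commonName alone is a simplifying assumption.

```python
import socket
import ssl

# Assumption: CN of the gateway's outbound HTTPS Inspection CA (placeholder).
INSPECTION_CA_CN = "Example-Gateway-Inspection-CA"


def issuer_cn(cert):
    """Return the issuer commonName from an ssl.getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def classify(cert, inspection_ca_cn=INSPECTION_CA_CN):
    """'inspected' if the gateway CA re-signed the leaf, else 'original'."""
    cn = issuer_cn(cert)
    if cn is None:
        return "unknown"
    return "inspected" if cn == inspection_ca_cn else "original"


def check_host(host, port=443, timeout=5.0):
    """Handshake with the client's trust store and classify the presented cert."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return classify(cert), issuer_cn(cert), tls.cipher()[0]
    except ssl.SSLCertVerificationError as exc:
        # Issuer not trusted by this client (e.g. inspection CA not deployed).
        return "untrusted", exc.verify_message, None
    except (ssl.SSLError, OSError) as exc:
        # Handshake or connection failure, e.g. no shared cipher/protocol.
        return "handshake-failed", str(exc), None


# Constructed sample certificates in getpeercert() layout, for offline use.
SAMPLE_INSPECTED = {"issuer": ((("organizationName", "Example Corp"),),
                               (("commonName", INSPECTION_CA_CN),))}
SAMPLE_ORIGINAL = {"issuer": ((("countryName", "US"),),
                              (("commonName", "Example Public CA"),))}

if __name__ == "__main__":
    print(classify(SAMPLE_INSPECTED), classify(SAMPLE_ORIGINAL))
    for host in ("www.example.com",):  # placeholder host list
        print(host, check_host(host))
```

Run from an affected workstation, an "original" result on a site covered by an inspect rule, or "inspected" on one covered by a bypass rule, shows the policy is not matching as intended.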
Chris_Atkinson
Employee

Please review your symptoms against sk170332.

Netadmin2020
Contributor

I have made a user group in AD (users interest access). There I add whoever wants to have access via Check Point. The HTTPS Inspection policy is below:

https.JPG

 

Our current hotfix is: Check_Point_R80_30_JUMBO_HF_Bundle_T219_sk153152

 

Netadmin2020
Contributor

Below is the bypass inspection rule that I am using:

ok.JPG

 

I am open to your opinions.

Netadmin2020
Contributor

I managed to optimize most of it, but I have an issue, e.g. with Facebook and YouTube URL Filtering.

face.JPG

I have the Social Networking category & Media Streamers included in General Block Categories, but with no success. HTTPS Inspection is enabled. Trusted CAs are updated.

Users who are not listed in the social networking and media streamers groups are able to log in to both (Facebook, YouTube), but images on Facebook are not showing correctly and videos on YouTube are not loading.

I just saw that the same thing is happening on LinkedIn.

 

Merry Christmas to all of you!

 

 

Netadmin2020
Contributor

Check certificate:

inspect1.JPG

inspect2.JPG
