Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Netadmin2020
Collaborator

Https Inspection enabled and no webpage is opening (80.30)

Dear colleges hi,

 

i am facing a strange situation. Cannot login to any site as you can see from the below pictures the destination is not blocked just inspected. This happens to every site i am trying to browse. Please assist! Thank you

tempsnip.jpg

https inspection 1.JPG

0 Kudos
9 Replies
HeikoAnkenbrand
Champion Champion
Champion

You need to install the root certificate from SMS (SmartConsole) in the browser.

> Gateway & Service > [Gateway] > HTTPS Inspection

320FE9FC-BB1D-407B-B453-5B497F398B54.jpeg

Now download the root certificate.

More read here:  Performance Tuning Tip - SNI vs. https inspection

 

➜ CCSM Elite, CCME, CCTE
0 Kudos
Netadmin2020
Collaborator

Firstly I want to thank you for your clear answer! This is not the issue cause the certificate is already implemented on all workstations via group policy and secondly. I made a test: I create a https bypass rule to a specific destination and the result was the same. Check the below image :I can see the Microsoft Bing search and the Microsoft Bing itself is "secured" but I cant login to any sites.

 

0 Kudos
Vincent_Bacher
Advisor
Advisor

Would be interesting if the provided certificate is really from your appliance or from original webserver.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
PhoneBoy
Admin
Admin

What precisely is your HTTPS Inspection policy?
The behavior you’re seeing suggests that the Check Point gateway and the sites you’re connecting to can’t agree on ciphers.
There should be some message in the logs explaining what’s happening.
For the sites you are able to connect to, did you validate the TLS certificate to see who signed it?
Probably a good idea to open a TAC case here also.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Please review your symptoms against  sk170332 

CCSM R77/R80/ELITE
0 Kudos
Netadmin2020
Collaborator

I have made a user group in AD (users interest access). There I add whoever want to have access via checkpoint. The https inspection policy is the below:

https.JPG

 

our current hotfix is: Check_Point_R80_30_JUMBO_HF_Bundle_T219_sk153152

 

0 Kudos
Netadmin2020
Collaborator

Below is bypass inspection rule that I am using 

ok.JPG

 

I am open about your opinions

0 Kudos
Netadmin2020
Collaborator

I managed to optimize the most but I have an issue eg with Facebook and YouTube URL Filtering. 

face.JPG

I have the Social Networking Category & Media Streamers  included to General Block Categories but with no success. Https inspection is enabled. Trusted CA are updated.

Users are not listed in the social networking and the media streamers group are able to login on both (facebook,youtube) but images on Facebook are not showing right and videos at YouTube are  not loading.

I just saw that the same thing is happening at linkedin.

 

Marry Christmas to all of you!

 

 

0 Kudos
Netadmin2020
Collaborator

check certificate:

inspect1.JPG

inspect2.JPG

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events