Hi all,
I am new to Check Point, and I am having a hard time with the configuration of HTTPS Inspection.
Here is my simple setup: I have a Security Gateway (R81) and Security Management Server installed on a VM with 2 interfaces (internal with hide NAT, and external). I have created the outbound certificate, deployed it to the client, and enabled HTTPS Inspection.
Here are the HTTPS Inspection policies I use:
Browsing from the client works as expected, but the browser still shows the original certificate, not the one replaced by the gateway. Also the logs don't show anything:
In another post having the same problem, someone says "to enable https interception in the protocol tab", but I cannot find this option in any GUI. Is this what I am missing?
Anything else that I have possibly missed? Any help is highly appreciated.
Thank you, Iko
I assume you have enabled HTTPS Inspection on the gateway/cluster object itself under HTTPS Inspection...Step 3. Make sure that box is checked as you may have accidentally canceled out of that screen.
For object "Internet" to be applied properly in your HTTPS Inspection policy, you need to ensure that your network topology is completely and correctly defined under Network Management on your gateway/cluster object, specifically that the external interface is properly defined.
You may need to enable URLF to ensure the SNI category can be properly determined, but that may not matter here since you have "Any" set.
Thanks for your time and help.
You assume right, HTTPS Inspection is enabled:
My topology looks all right, I think. Interfaces: internal, external.
I also replaced the "Internet" object with "any" in my inspection policy, but it doesn't change anything.
And I enabled URLF on the gateway and added URLF in category (in inspection rule).
Still no inspection happens.
Any other ideas left?
If you run ps -ef | grep wstlsd, are there any wstlsd processes running? If they are, please provide the log card for an accepted HTTPS connection that should have been inspected. Either your Internet traffic is not traversing the firewall the way you think, or possibly the web traffic is using QUIC instead of HTTPS. If there are no wstlsd processes, you have something still wrong in your config.
What code level and JHFA are you running, and have you tried other browser types to initiate traffic?
Edit: Corrected daemon name from wstld to wstlsd.
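The check suggested above (look for wstlsd in ps -ef output) is easy to get wrong by hand, as the daemon-name typo later in this thread shows. The following is an added example, not code from the thread or from Check Point: a small POSIX shell helper that counts wstlsd processes in ps -ef output, ignoring the grep line itself and matching the exact daemon name. The embedded ps output is constructed for the example so it runs offline; on a gateway you would feed it real output with ps -ef | count_wstlsd.

```shell
#!/bin/sh
# Added example (not from the thread): count wstlsd daemons in `ps -ef` output.
# Real usage on a gateway:  ps -ef | count_wstlsd
# A constructed sample is embedded below so the script runs offline.

# Constructed sample of `ps -ef` output; PIDs, times and column layout are
# illustrative only and are not taken from a real gateway.
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
admin     4211     1  0 09:12 ?        00:00:01 wstlsd
admin     4212     1  0 09:12 ?        00:00:01 wstlsd
admin     4213     1  0 09:12 ?        00:00:01 wstlsd
admin     5030  5001  0 09:30 pts/0    00:00:00 grep wstlsd'

# Constructed sample with no HTTPS Inspection daemon at all.
NO_WSTLSD_PS='UID        PID  PPID  C STIME TTY          TIME CMD
admin     4100     1  0 09:10 ?        00:00:05 fwd'

# count_wstlsd: reads `ps -ef` lines on stdin and prints the number of real
# wstlsd processes. The CMD column is field 8; the "grep wstlsd" line is
# excluded because its field 8 is "grep", and the comparison is an exact
# match, so a misspelled name such as "wstld" can never accidentally count.
count_wstlsd() {
    awk '$8 == "wstlsd" { n++ } END { print n + 0 }'
}

# https_inspection_daemon_status: takes ps output as its argument, prints a
# one-line verdict, returns 0 if at least one wstlsd is running, else 1.
https_inspection_daemon_status() {
    n=$(printf '%s\n' "$1" | count_wstlsd)
    if [ "$n" -gt 0 ]; then
        echo "wstlsd running ($n instance(s)): HTTPS Inspection daemon is up"
        return 0
    fi
    echo "no wstlsd process found: re-check HTTPS Inspection enablement, topology and CoreXL core count"
    return 1
}

https_inspection_daemon_status "$SAMPLE_PS"
```

The number of wstlsd instances is also a useful data point when comparing against the CoreXL core split discussed later in the thread.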
No there are no wstld processes running.
Internet traffic is definitely passing the firewall. Behind the firewall is another VM using a host-only adapter, which is directly connected to the internal interface. Here are some logs:
From these logs I would say it is using HTTPS (not QUIC). btw, the client is internet explorer which is afaik not using QUIC at all.
Does the output below answer your question regarding code level and JHFA?
If not, how can I provide you the information?
Thanks, Iko
I installed Chrome now, to double-check; the problem is not the protocol used.
My rulebase doesn't even allow QUIC, but HTTPS works like a charm. Just not intercepted 😞
Sounds like you are in a virtual environment. If the firewall itself is a VM, how many cores are allocated? It needs to be at least 2 cores and 4GB of RAM (R81 minimum requirements), and it wouldn't surprise me if HTTPS Inspection would fail to operate unless there were at least 4 total cores (1/3 CoreXL split with dedicated functions per core so that 3 wstlsd processes could be started in that case, as opposed to a 2-core setup with a 2/2 split and overlapping core functions).
While HTTPS Inspection is not itself a licensed feature, I assume you have a valid license installed otherwise? cplic print
Try disabling HTTPS Inspection on the gateway object, publish and reinstall, then enable it again, publish and reinstall. If it still doesn't work it will probably be time for a TAC case so they can run a debug and figure out why your firewall is essentially refusing to perform HTTPS Inspection.
2 cores with 4 GB RAM is what I am using at the moment. Changed it to 4 cores now.
I am using a trial license:
gw-a7234c> cplic print
Host Expiration Features
=====================================================================
Check Point product trial period will expire in 13 days.
Until then, you will be able to use the complete Check Point Product Suite.
Please obtain a permanent license from Check Point User Center at:
https://usercenter.checkpoint.com/pub/usercenter/get_started.html
======================================================================
I disabled HTTPS Inspection, published, reinstalled and re-enabled, published, reinstalled, but still no HTTPS inspection ongoing.
Am I allowed to open a TAC case with my trial license?
I don't see a way to open a TAC request with my trial license.
Sorry can't help you with opening a TAC case, try hitting up your Check Point SE.
For a standalone VM, I recommend at least 16GB.
8GB is the absolute minimum.
If that process is not running, something is definitely wrong. I remember once I had a similar issue with a customer and it turned out to be a setting that was inadvertently changed in the GuiDBedit tool itself. Do you remember changing anything there at all? I will try to see if I can find what setting it was...
Got it...here is what I found in my notes (if you can check on this)
Make sure all SmartConsole connections are completely closed.
GuiDBedit > Other > ssl_inspection > general_confs_obj
The 'trusted_ca_certs_group' should refer to 'Recommended' from the same ssl_inspection table, so this must have been deleted by accident.
Simply right-click on the parameter > Edit, then in the Table drop-down select ssl_inspection and in the Object drop-down select Recommended
Save, close and then open SmartConsole and install policy
Hi the_rock, thanks for your advice. But I never changed anything with GuiDBedit.
The system I use is a fresh installation, and I just tried to setup HTTPS inspection in SmartConsole.
Anyway, I verified it; the entry still exists.
Any other advice?
In the meantime I will try my luck with a new installation ...
New installation has the exact same problem -> no wstld processes -> no https inspection 😭
That sucks...did you use same management server? Message me privately, I want to help you...we can do remote session when convenient.
I have a standalone gw and mgmt server on one virtual host. so I reinstalled everything from scratch today.
pm sent 😉 thank you
Just an update for this post...we did a remote session and determined that the wstlsd process was running, so no issues with firewall or https inspection, and what was missing was simply a rule in policy to block a test site category, so we simply blocked gambling as a test from LAN and were able to see the blocked page with the right cert.
just a note to point it out: there was a typo 🙂
the process is called wstlsd
and that was running 😉
Thanks, I corrected it in my prior post. I had a bit of a panic attack wondering if I had made the same mistake when mentioning that daemon in my book, but it was spelled correctly there. 😀
No points taken for spelling mistakes...I never met any IT person who was a good speller, no offense : ))