This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
hw
Explorer
‎2020-05-25 06:18 AM

Https Inspection Bypass - checkpoint capsule connect

Hello,

we use the Checkpoint Caspusle Connect Client (Cloud Firewall) with HTTPS Inspection enabled and wanted to call the URL https://www.xing.com. However when the cloud client is connected, we can't call this URL. We only get the notification, that the site is not available. When we disconnect the cloud client, we can call this URL without any problem.

So we tried to bypass this site from the HTTPS inspection (*.xing.com in the cloud portal) however this also doesn't work. So we tried to analyse the traffic with "Fiddler" and there we see that the HTTPS handshake to www.xing.com failed, because the stream was closed. 

It seems that the https bypass not really works. Does anybody know how we can bypass the traffic to xing?

Best regards

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-05-25 01:31 PM

Recommend a TAC case.
I suspect (without having done the troubleshooting) that there is an incompatibility with TLS ciphers between this site and what is supported by the Capsule Cloud infrastructure.
In this case, the only way a bypass would work is if you bypass the site by IP address.
0 Kudos
hw
Explorer
‎2020-05-25 09:38 PM
In response to PhoneBoy

Thanks for the answer. I will open a checkpoint case.

0 Kudos
Bekir_Aldemir2
Explorer
‎2020-06-23 10:35 AM
In response to hw

Not sure if you solved the issue already but for others who may come across the same problem, Check Point Capsule Connect doesn't support IP addresses in https inspection bypass rules. The quickest way to solve this is to exclude the IP / URL from web management interface (cloud.checkpoint.com)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events