Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Checkpoint SG-1490

Have SG-1490 Appliance, locally managed. Have client PCs which go through the SG-1490 to internet.

I have SSL Inspection on and certificates installed on Clients. The Firewall is performing well, but there is an issue.

Normally if I go regular sites, there is no with opening sites, but for some Sites there comes a warning:

"there is a problem with this website’s security certificate"

which I think is as designed. 

But I need the SSL inspection to bypass the health category. I have marked on the appliance to bypass it, but the warning: "there is a problem with this website’s security certificate"

comes each time I visit the certain pages.

But I am focusing now on one certain page in Health category. I also installed the certificate of the page to the Firewall. I also set a rule in Exceptions for SSL with the inside users going to Internet, the Category health shall not be inspected.

But it is still bringing the Warning.

It is annoying for users.

Can you please help solving the issue?

Thank you

0 Kudos
4 Replies
Highlighted
Sapphire

Re: Checkpoint SG-1490

I would suggest to post this in SMB and SMP ! Concerning you issue: If this warning only comes when connecting thru the GW i would involve TAC !

Highlighted
Admin
Admin

Re: Checkpoint SG-1490

A screenshot of the exact warning as well as the SSL certificate being presented in this case would be helpful. 

0 Kudos
Highlighted
Platinum

Re: Checkpoint SG-1490

This is a common mistake when dealing with HTTPS Inspection. For the category to be determined, site certificate must be inspected and successful SSL handshake to be established. Bypassing category does not mean HTTPS inspection won't be performed at all. You could try to bypass the site by IP until you figure out what's wrong with certificate. Just make sure bypass by IP rule is on top of all others. 

Highlighted

Re: Checkpoint SG-1490

I have reached the customer now.

We installed an update and now its working as it should.  Now he can bypass categories and sites.

 

Problem solved. thank you.