
Https traffic passes through default route only and not static route when https inspection is switched on.

Hi, 

We have a 750 device with three internet connections in load sharing mode. Two of the three internet connections act as default route and one is not used as default route, as I have cleared route traffic through this connection in properties. I have created a static route for a host which points to the internet connection not participating in load sharing. The HTTPS Inspection blade is enabled on the device. Now when we test traffic routing on that host, we find that all traffic except HTTPS traffic routes as desired from the specified interface as per the static route, but when we exclude that host from HTTPS inspection, HTTPS traffic routes perfectly as well. I am not able to figure out why this happens. I need help on this, as we need to route a few hosts through that particular link for all traffic.

0 Kudos
10 Replies

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

I would involve TAC - the ISP configuration is as the Admin Guide suggests and SSL Inspection should not change routing :(

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

Thanks a lot, Albrecht, for the response. I will take up this issue with TAC.

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

Took the issue up with TAC; after investigating, they found this issue to be a bug and have collected the required files for R&D.

Will keep you posted on this once I get a solution from TAC. Would like to thank Albrecht once again for the suggestion!

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

It did look like a bug to me, too - that was the reason I suggested TAC for resolving it. I suppose firmware 77.20.80 is installed?

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

Yes, the firmware you mentioned is installed. TAC tried a firmware update build with some fixes relating to VLANed WAN, but that did not help, so finally they took the CPfile for lab test and R&D.

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

I wish good luck then and hope the issue is resolved asap!

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

Thanks!!

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

Man! I had some routing issues that I couldn't understand. Now that you mention it, I believe my problem is also related to HTTPS Inspection.

I even posted a question about it here: PBRs and ISP redundancy on SMB appliances

Thank you, Santosh!

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

Thanks mate, will keep you posted once I hear from TAC. It took a while to figure out the routing issue due to HTTPS inspection; it all started because I was not getting the desired VPN throughput, as the VPN return packets were getting routed through the default route. That prompted me to set up a static route and force the return path of the VPN packets through the desired link; then I figured out that all HTTPS traffic destined for port 443 is routed through the default route only. Being new to Check Point, I thought this might be due to some configuration or advanced settings, so I posted it here and, as suggested by Gunther, took it up with TAC.

0 Kudos

Re: Https traffic passes through default route only and not static route when https inspection is switched on.

Hello mates, I would like to update that the issue is resolved: TAC provided me the firmware version R77.20.81 build (990172537), after which static routing is working fine with SSL inspection switched on.

0 Kudos