Nickel

site blocked ....internet server reset connection

Hi everyone, I have some cases, but I'll post each one separately.

I opened traffic to load images from the arduino.cc site. Arduino uses the flickr service to show its images inside the portal.
First I tried with *.flickr.com and *.staticflickr.com; something similar worked well with other sites, but unfortunately this time it did not work. After a few hours I resolved it with regular expressions:

(^|.*\.)*staticflickr\.com
(^|.*\.)*flickr\.com

Now I try to open traffic to www.manageengine.com, but no custom application works properly:

*.manageengine.com
manageengine.com
(^|.*\.)*manageengine\.com (this as a regular expression in another app)
The browser shows the error ERR_CONNECTION_RESET.

In Wireshark I can see that the manageengine.com server resets the connection.

If I open all internet traffic to a single local IP address, www.manageengine.com loads without problems on that host.

What am I doing wrong? Why did it work for me in some cases and not in this one?

[screenshot attached: error-manageengine.png]

Admin

It has to do with the certificate provided by manageengine.com.
Specifically, it's not providing a CN or DN for us to match against.
And, unless you're either using HTTPS Inspection or R80.30, we can't see what server you're trying to connect to (R80.30 supports Verified SNI).
The RST is because it's HTTPS and we cannot inject a block page.

Perhaps you can create a signature using the Application Control Signature Tool instead.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
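As an added illustration (not from the thread, and not Check Point's matching code), the snippet below models the CN-versus-SAN question raised here: two certificates are constructed in the dict shape returned by Python's ssl getpeercert(), one with a subject CN and one that names the host only in subjectAltName, and the original post's regular expression is applied to each. The matching functions and the fetch helper are assumptions for illustration only.

```python
import re
import socket
import ssl

# Constructed sample certificates in the dict shape returned by ssl.SSLSocket.getpeercert().
# They are not real flickr or manageengine.com certificates; they only model the two cases
# discussed in the thread: a subject that carries a CN, and a host named only in the SAN.
CERT_WITH_CN = {
    "subject": ((("commonName", "*.staticflickr.com"),),),
    "subjectAltName": (("DNS", "*.staticflickr.com"), ("DNS", "staticflickr.com")),
}
CERT_SAN_ONLY = {
    "subject": ((("organizationName", "Example Org"),),),  # no commonName at all
    "subjectAltName": (("DNS", "www.manageengine.com"), ("DNS", "manageengine.com")),
}


def compile_host_pattern(text):
    """Compile a hostname regex as written in the original post (spacing removed)."""
    return re.compile(text)


def subject_cn(cert):
    """Return the subject commonName, or None when the certificate has none."""
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def san_dns_names(cert):
    """Return the DNS entries of subjectAltName (empty tuple if absent)."""
    return tuple(v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS")


def matches_by_cn(cert, pattern):
    """Model of CN-only matching (assumption): a certificate without a CN can never match."""
    cn = subject_cn(cert)
    return cn is not None and pattern.fullmatch(cn) is not None


def matches_by_san(cert, pattern):
    """Model of matching that also consults the SAN DNS entries (assumption)."""
    return any(pattern.fullmatch(name) for name in san_dns_names(cert))


def fetch_peer_cert(host, port=443, timeout=5):
    """Fetch a live server certificate in the same dict shape (network call, not used offline)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Running fetch_peer_cert("www.manageengine.com") on a real gateway-connected host lets you check which fields the live certificate actually carries before deciding on a signature or on HTTPS Inspection.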
Nickel

I use HTTPS categorization, so if I understand correctly, the FW in this configuration can compare the SUBJECT | CN property, but it does not verify the SUBJECT ALT NAME, where the domain of the site I want to access resides, and therefore the browser complains, indicating that a secure connection could not be established (SECURE CONNECTION FAILED in Firefox). Please confirm if I am correct.

My options are:
- Use the Application Control Signature Tool and test it.
- Activate HTTPS Inspection.

I already verified with https inspection and yes it works. I want to try the first option too.

I will notify you of the result.
