790e4741-a1fe-4
Explorer

Checkpoint SG-1490

Have SG-1490 Appliance, locally managed. Have client PCs which go through the SG-1490 to internet.

I have SSL Inspection on and certificates installed on Clients. The Firewall is performing well, but there is an issue.

Normally, if I go to regular sites, there is no problem with opening them, but for some sites a warning comes up:

"there is a problem with this website’s security certificate"

which I think is as designed. 

But I need the SSL inspection to bypass the health category. I have marked on the appliance to bypass it, but the warning "there is a problem with this website’s security certificate" comes each time I visit certain pages.

But I am focusing now on one certain page in the Health category. I also installed the certificate of the page on the firewall. I also set a rule in Exceptions for SSL so that, for the inside users going to the Internet, the category Health shall not be inspected.

But it is still bringing up the warning.

It is annoying for users.

Can you please help solve the issue?

Thank you

4 Replies
G_W_Albrecht
Legend

I would suggest posting this in SMB and SMP! Concerning your issue: if this warning only comes when connecting through the GW, I would involve TAC!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin

A screenshot of the exact warning as well as the SSL certificate being presented in this case would be helpful. 

HristoGrigorov

This is a common mistake when dealing with HTTPS Inspection. For the category to be determined, the site certificate must be inspected and a successful SSL handshake must be established. Bypassing a category does not mean HTTPS inspection won't be performed at all. You could try to bypass the site by IP until you figure out what's wrong with the certificate. Just make sure the bypass-by-IP rule is on top of all others.

Marko_Grmek
Participant

I have reached the customer now.

We installed an update and now it's working as it should. Now he can bypass categories and sites.

Problem solved. Thank you.
