This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
790e4741-a1fe-4
Explorer
‎2019-03-08 12:44 AM

Checkpoint SG-1490

Have SG-1490 Appliance, locally managed. Have client PCs which go through the SG-1490 to internet.

I have SSL Inspection on and certificates installed on Clients. The Firewall is performing well, but there is an issue.

Normally if I go regular sites, there is no with opening sites, but for some Sites there comes a warning:

"there is a problem with this website’s security certificate"

which I think is as designed. 

But I need the SSL inspection to bypass the health category. I have marked on the appliance to bypass it, but the warning: "there is a problem with this website’s security certificate"

comes each time I visit the certain pages.

But I am focusing now on one certain page in Health category. I also installed the certificate of the page to the Firewall. I also set a rule in Exceptions for SSL with the inside users going to Internet, the Category health shall not be inspected.

But it is still bringing the Warning.

It is annoying for users.

Can you please help solving the issue?

Thank you

0 Kudos
4 Replies
G_W_Albrecht
Legend Legend
Legend
‎2019-03-08 03:58 AM

I would suggest to post this in SMB and SMP ! Concerning you issue: If this warning only comes when connecting thru the GW i would involve TAC !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin
‎2019-03-09 07:56 AM

A screenshot of the exact warning as well as the SSL certificate being presented in this case would be helpful. 

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-03-10 11:04 AM

This is a common mistake when dealing with HTTPS Inspection. For the category to be determined, site certificate must be inspected and successful SSL handshake to be established. Bypassing category does not mean HTTPS inspection won't be performed at all. You could try to bypass the site by IP until you figure out what's wrong with certificate. Just make sure bypass by IP rule is on top of all others. 

Marko_Grmek
Participant
‎2019-04-25 06:18 AM
In response to HristoGrigorov

I have reached the customer now.

We installed an update and now its working as it should.  Now he can bypass categories and sites.

 

Problem solved. thank you.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top