This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Santosh_Pandey
Explorer
‎2018-10-11 12:11 AM

Https traffic passes through default route only and not static route when https inspection is switched on.

Hi, 

we have a 750 device with three internet connection on load sharing mode. Two of the three internet act as default route and one is not used as default route as i have cleared route traffic through this connection in properties. i have created a static route for a host with points to the internet connection not participating in load sharing. Https inspection blade is enabled on the device. now when we test traffic routing on that host we find that all traffic except https traffic routes as desired from the specified interface as per static route, but when we exclude https inspection from that host then https traffic routes perfectly as well. not able for figure out why this happens. need help on this as we need to route few host from that particular link for all traffics. 

0 Kudos
10 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-10-11 01:51 AM

I would involve TAC - the ISP configuration is as the Admin Guide suggests and SSL Inspection should not change routing Smiley Sad !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Santosh_Pandey
Explorer
‎2018-10-11 02:17 AM

Thanks a lot Albrecht for the response, will take up this issue will TAC.

0 Kudos
Santosh_Pandey
Explorer
‎2018-10-11 05:14 AM

Took the issue with TAC, after investigating they found this issue as bug and have collected the required files for RND.

will keep you posted after on this as i get a solution from TAC. would like to thank Albrecht! once again for the suggestion.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-10-11 05:57 AM
In response to Santosh_Pandey

It did look like a bug for me, too - that was the reason i suggested TAC for resolving. I suppose firmware 77.20.80 is installed ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Santosh_Pandey
Explorer
‎2018-10-11 07:13 AM
In response to G_W_Albrecht

yes the mentioned firmware by you is installed. TAC tried with a firmware update build for some fixes relating to VLANed  WAN but that did not help, so finally they took the CPfile for lab test and RND. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-10-11 07:28 AM
In response to Santosh_Pandey

I wish good luck then and hope the issue is resolved asap!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Santosh_Pandey
Explorer
‎2018-10-11 07:51 AM
In response to G_W_Albrecht

Thanks!!

0 Kudos
Pedro_Espindola
Advisor
‎2018-10-11 02:17 PM
In response to Santosh_Pandey

Man! I had some routing issues that I couldn't understand. Now that you mention, I believe my problem is also related to HTTPS Inspection.

I even posted a question about it here: PBRs and ISP redundancy on SMB appliances

Thank you, Santosh!

0 Kudos
Santosh_Pandey
Explorer
‎2018-10-12 12:01 AM
In response to Pedro_Espindola

Thanks mate, will keep you posted once i hear from TAC. It took a while to figure out the routing issue due to https inspection, all started because i was not getting desired vpn throughput as the vpn return packet were getting routed through default route. that summoned me to do a static routing and force return path of the vpn packets through the desired link then i figured out that all https trafic destined for port 443 is routing through default route only.Being new to Checkpoint i thought this may be due some configuration or advance settings, so i posted it here and as suggested by Gunther took it with TAC.

0 Kudos
Santosh_Pandey
Explorer
‎2018-11-16 01:45 AM

Hello Mates, i would like to update that the issue is resolved as TAC provided me the firmware version R77.20.81 build(990172537), after which static routing is working fine with SSL inspection switched on.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events