JPR
Contributor

About "CPNotEnoughDataForRuleMatch" and connection reset

Hi there,

I've (partly) asked about this before (https://community.checkpoint.com/t5/Security-Gateways/quot-CPNotEnoughDataForRuleMatch-quot-and-quot...), but now I have another related question regarding this behavior.

I have a service that connects to an external IP address, but every time the connection gets terminated by a reset from the destination. The log in my firewall says "Accept", however, it is getting "terminated before the Security Gateway was able to make a decision: No SSL applicative data." ("CPNotEnoughDataForRuleMatch").

As I was told in my other post (see link above), the behavior is by design and expected; however, I do have a question as to why it happens.

The connection in question gets HTTPS Inspected and the log is as follows:

httpsi.jpg

And the "Accept" ("CPNotEnoughDataForRuleMatch") log looks as below:

accept.jpg

I tried to establish the connection with Wireshark running on the client (not the firewall) and as far as I can see the handshake completes, but then it gets disconnected by a reset from the destination:

ws.jpg

I have the same service on another endpoint WITHOUT HTTPS Inspection and there it connects fine.

So my question is: Is it possible that the packet somehow gets "malformed" in the HTTPS Inspection process and therefore the destination sends a reset back to us and kills the connection? Or is something different going on? I really can't figure it out!

Looking forward to your comments 🙂

Thanks!

0 Kudos
0 Replies
