Hi,
I have an issue with R80.10 Jumbo 275 on a Security Gateway.
I need that a server has only access to a specific URL (let's say https://www.perdu.com) without SSL inspection.
I've created an APP CTRL Rule allowing only the server to this specific site and a rule to bypass SSL inspection.
Below rule 4, the rule 5 is denying anything else.
For some reason I can see that the SSL rule is matched (bypass) but the APP CTRL rule is not matched correctly and the request is Droped when I use SSL. With HTTP it is working fine.
The Probe Bypass is conifugred that way [Expert@firewall:0]# fw ctl get int enhanced_ssl_inspection
enhanced_ssl_inspection = 1
[Expert@firewall:0]# fw ctl get int bypass_on_enhanced_ssl_inspection
bypass_on_enhanced_ssl_inspection = 0
[Expert@firewall:0]#
I think it has something to do with the fact that I am not doing SSL insepction, and that the gateway can't find the server name.
Any ideas how I can deal witht his config. Of couse I don't want to add the IP addess of the web server as it may change over time
Thank you
| User | Count |
|---|---|
| 39 | |
| 12 | |
| 9 | |
| 7 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 |
Tue 04 Mar 2025 @ 04:00 PM (CET)
Check Point | WIZ : Powering the Next Era of Cloud Security - EMEA & AMERICASTue 04 Mar 2025 @ 05:00 PM (PST)
Check Point | WIZ : Powering the Next Era of Cloud Security - AMERICAS & APACTue 11 Mar 2025 @ 05:00 PM (CDT)
Under the Hood: Configuring Site to Site VPN with Azure Virtual WAN and CloudGuard Network SecurityTue 04 Mar 2025 @ 04:00 PM (CET)
Check Point | WIZ : Powering the Next Era of Cloud Security - EMEA & AMERICASTue 11 Mar 2025 @ 05:00 PM (CDT)
Under the Hood: Configuring Site to Site VPN with Azure Virtual WAN and CloudGuard Network SecurityWed 12 Mar 2025 @ 06:00 PM (IST)
TechTalk: The Future of Browser Security: AI, Data Leaks & How to Stay Protected
.png "Wolfgang"){kind=avatar}
