DR_74
Contributor

Allow only specific site without SSL inspection for a server

Hi,

I have an issue with R80.10 Jumbo 275 on a Security Gateway.

I need a server to have access only to a specific URL (let's say https://www.perdu.com) without SSL inspection.

I've created an APP CTRL Rule allowing only the server to this specific site and a rule to bypass SSL inspection.

Below rule 4, rule 5 is denying anything else.

[Image 004.jpg] [Image 005.jpg]

For some reason I can see that the SSL rule is matched (bypass), but the APP CTRL rule is not matched correctly and the request is dropped when I use SSL. With HTTP it is working fine.

[Image 001.jpg] [Image 002.jpg] [Image 003.jpg]

The Probe Bypass is configured that way:

[Expert@firewall:0]# fw ctl get int enhanced_ssl_inspection
enhanced_ssl_inspection = 1
[Expert@firewall:0]# fw ctl get int bypass_on_enhanced_ssl_inspection
bypass_on_enhanced_ssl_inspection = 0
[Expert@firewall:0]#

I think it has something to do with the fact that I am not doing SSL inspection, and that the gateway can't find the server name.

Any ideas how I can deal with this config? Of course I don't want to add the IP address of the web server, as it may change over time.

Thank you

0 Kudos
2 Replies