This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CaseyB
Advisor
‎2024-08-01 07:02 AM
Jump to solution

HTTPS Inspection Bypass

Running into an issue where I need to bypass HTTPS inspection (R81.10 JHF 150); however, this is the URL:

https://eka-prod-xxx.s3-eu-west-1.amazonaws.com - xxx is the wildcard. Is there a good way to handle this?

The full URL in this case ended up being:

eka-prod-survey-binaries-active-bucket-e1lw1wtq8m9jg38i.s3.eu-west-1.amazonaws.com

0 Kudos
1 Solution

Accepted Solutions
the_rock
MVP Platinum
MVP Platinum
‎2024-08-01 08:50 AM
In response to CaseyB
Jump to solution

Easy peasy...just add *eka-prod* as wild card, thats what I did, no issues.

Andy

Best,
Andy

View solution in original post

6 Replies
the_rock
MVP Platinum
MVP Platinum
‎2024-08-01 07:23 AM
Jump to solution

I just tested in the lab and worked fine, added to bypass rule like below.

Andy

 

Screenshot_1.png

Best,
Andy
0 Kudos
CaseyB
Advisor
‎2024-08-01 08:41 AM
In response to the_rock
Jump to solution

https://eka-prod-xxx.s3-eu-west-1.amazonaws.com/ isn't the actual URL it is using though, XXX is a placeholder for numerous other names.

2024-08-01 10_38_11-192.168.183.205-R81.10-SmartConsole.png

I could add the highlighted URL to resolve the issue, but that section is dynamic and will be something else later. That's why I need to be able to do some sort of wildcard for the XXX portion of https://eka-prod-xxx.s3-eu-west-1.amazonaws.com/.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-08-01 08:50 AM
In response to CaseyB
Jump to solution

Easy peasy...just add *eka-prod* as wild card, thats what I did, no issues.

Andy

Best,
Andy
CaseyB
Advisor
‎2024-08-01 09:12 AM
In response to the_rock
Jump to solution

Ah, perfect, thanks! I forgot about the * wildcard option within custom Application/Site.

2024-08-01 11_09_59-192.168.183.205-R81.10-SmartConsole.png

the_rock
MVP Platinum
MVP Platinum
‎2024-08-01 09:14 AM
In response to CaseyB
Jump to solution

All good...we are here to help 🙂

Andy

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-16 12:42 PM
Jump to solution

For run (and research purposes), I asked AI Copilot this question.
Here's a more verbose answer:

To handle bypassing HTTPS inspection for URLs with wildcards, such as the one you provided, you can use the following approach:

Solution: Bypass HTTPS Inspection Using Wildcards

  1. Create a Custom Application/Site Object:

    • Open SmartConsole.
    • Go to Security Policies.
    • Click on Application/Site under Shared Objects.
    • Click New > Application/Site.
    • Name the object (e.g.,AmazonS3Wildcard).
    • In the URL field, enter the wildcard URL:*.s3.eu-west-1.amazonaws.com.
    • Click OK to save the object.

  2. Create an HTTPS Inspection Bypass Rule:

    • In SmartConsole, go to Security Policies.
    • Click on HTTPS Inspection > Policy.
    • Add a new rule at the top of the policy:
      • Name: Bypass Amazon S3
      • Source: Any (or specify the relevant source if needed)
      • Destination: Add theAmazonS3Wildcardobject created earlier.
      • Services: HTTPS (or specify the relevant HTTPS services)
      • Action: Bypass
    • Click OK to save the rule.

  3. Install the Policy:

    • Install the Access Control policy to apply the changes.

Example Rule Configuration

Source Destination Services Action
Any AmazonS3Wildcard HTTPS Bypass

Important Notes:

  • Wildcard Handling: Ensure that the wildcard pattern correctly matches the URLs you intend to bypass.
  • Policy Order: Place the bypass rule at the top of the HTTPS Inspection policy to ensure it is matched before other rules.
  • Testing: After applying the policy, test accessing the URL to confirm that the bypass is working as expected.

By following these steps, you should be able to bypass HTTPS inspection for URLs with wildcards effectively. If you encounter any issues, please refer to the relevant Check Point documentation or contact Check Point support for further assistance.

BE AWARE
Important - To prevent negative impact on your production environment, double-check the provided information in the Administration Guide for the involved product.
Learn more:
  1. sk112066 - How to troubleshoot an HTTPS Inspection issue
  2. sk122158 - Bypass by URL in HTTPS Inspection does not work when the site certificate is invalid
  3. sk178386 - Users cannot submit data to ELSTER (German tax authority) when HTTPS Inspection is enable...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events