fsanchezwtu
Explorer

HTTPS Inspection R81.10 No Navigation

Hi to all.

I'm trying to set up a proxy on my R81.10.

I already followed this documentation: 

How to configure Check Point Security Gateway as HTTP/HTTPS Proxy

And I have created an implied rule for a test machine with some categories.

I don't know how to proceed on my test machine.

I already tried to set up a manual proxy and I don't have any navigation at all.

What can I do? Is there a client to install, or something I'm missing?

10 Replies
the_rock
Legend

I actually did this in the lab back before R80 and it did work. When you say no navigation, can you clarify what you mean by that exactly?

Andy

G_W_Albrecht
Legend

Remember that it is not a good idea to use a CP GW as a proxy - there are alternatives that run nearly everywhere, and as listed in sk110013, proxy use limits TP capabilities of the GW much, besides also having a large performance impact (see sk92482 for the reasons).

CCSE CCTE CCSM SMB Specialist
_Val_
Admin

This is not what @fsanchezwtu is asking, respectfully 🙂

_Val_
Admin

Please share your proxy setting on the FW object, your rulebase, and your client proxy settings here. Also, is your FW able to access the internet?

fsanchezwtu
Explorer

OK. So I managed to make it work... kind of.

But now i have another issue.

I have a rule with Internet to a whole network (Rule 108) and I have 3 more subrules.

In 2 of them I have an AD group with particular navigation policies (Rules 108.1 and 108.2).

The final subrule (108.3) has blocked categories such as Porn and Sex.

When I made some tests, it doesn't allow me to access blocked websites, but it is not showing the blocked message. It only shows the message "Hmmm... can't reach this page".

I have attached an example of the policy so my situation can be understood more clearly.

Does anyone have any idea how to solve this?

 

P.S.: Sorry about my English
PhoneBoy
Admin

One cannot display a block page for an HTTPS website unless HTTPS Inspection is enabled.
Otherwise, what you're seeing is expected behavior.

fsanchezwtu
Explorer

My HTTPS Inspection blade is enabled.

I don't understand why in some examples I'm receiving the block message and in others I don't.

 

the_rock
Legend

Okay, fair enough... give an example of ones failing to show the block page; I can test them on my lab Windows 10 with inspection enabled.

Andy

Sorin_Gogean
Advisor

Hi,

So, first of all, I would recommend getting the Block first, then the allowed categories.

Now, try to run a test from a machine to a website using HTTP, and in the FWL logs you should see a Firewall log and then a Redirect log, since the site is blocked.

If all is good with HTTP, try with HTTPS, and in the FWL logs you should see the same: a Firewall log, then an Inspection log and then a Redirect log.

 

Ty,

PS: Can you show a screenshot of the browser error, with the address bar included?

Maybe it's saying that it can't reach the portal you redirected to...

the_rock
Legend

Sir @PhoneBoy is correct as always; you can NOT get a block page if the inspection blade is off, it will never work.
