This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AaronCP
Advisor
‎2021-12-13 10:08 AM

HTTPS Inspection bypass issue

Good evening,

 

I'm assisting a colleague with the set up of Remote Help (an app that works with InTune). When I install the client on my personal device from home (we use a split-tunnelling VPN that is configured to send Microsoft traffic via the users' local LAN), I can connect the client to Microsoft without any issues. When I attempt to do the same on a test host on-prem, the client fails to connect.

 

I have configured a test rule in the Access Control policy to allow access from this host to all of the relevant Microsoft domains using domain objects. I have also added a HTTPS Inspection bypass rule at the top of the HTTPS Inspection policy for this host. I can see in the logs that the traffic is hitting the correct Access Control and HTTPS Inspection bypass policies, but the client still fails to connect.

 

I have used the HTTPS Inspection bypass list (SK163595) but this hasn't helped either.

 

I am wondering if there is a way to totally bypass the HTTPS Inspection module altogether in R80.40?

 

Any advice/help on this would be much appreciated!

 

Thanks,

 

Aaron.

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-12-13 01:04 PM

A bypass rule should do it provided it is correctly done.
However the issue may have nothing to do with HTTPS Inspection.
You might need to debug this issue in the application having trouble to determine what the precise issue is.

0 Kudos
AaronCP
Advisor
‎2021-12-14 12:31 PM
In response to PhoneBoy

Hi @PhoneBoy 

 

Is there any way in R80.40 to bypass the HTTPS Inspection module entirely? I don't want any packets in the connection hitting the HTTPS Inspection blade. I know I can use bypass rules, or specific HTTPS bypass updatable objects, but I wonder if there's any way of circumnavigating the whole module?

 

Thanks,

 

Aaron.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-12-14 10:09 PM
In response to AaronCP

Short of disabling it entirely? Not that I'm aware of.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-12-15 05:01 AM
In response to AaronCP

You could try matching the problematic traffic using fast_accel, this would fastpath the traffic through SecureXL which performs minimal inspection and cannot do HTTPS Inspection.  sk156672: SecureXL Fast Accelerator (fw fast_accel) for R80.20 and above

However I concur with Phoneboy that you'll probably need to gain more understanding about what is going wrong with the application, probably with some packet captures.

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events