@PhoneBoy thanks for mention of upcoming session.  this is good.   

Since R80.30 has been "GA" for months and R80.40 already in "EA", I would expect to find some mature documentation to leverage the R80.30-specific HTTPS inspection features, best practices for tuning and performance, etc.    

side topic:  is there a content mgmt engine behind the current CP knowledgebase?  Is it a commercial solution of CP authored solution?   My assumption is that any SK where authors are nice enough to add "revision history" is simply an ad hoc entry.  

Wouldn't it be nice to have the revision history automated and auto-maintained at bottom of all articles? 

The biggest change in R80.30 is the addition of support for SNI as well as a few additional ciphers.
This actually resolves a lot of the long-standing issues we've had with HTTPS Inspection (specifically around bypass rules) as well as improves App Control and URL Filtering substantially.
The Best Practices really haven't changed much from sk108202.

Internally, the SK system has revision history.
We don't expose this publicly for various reasons, though specific SKs do have a manually maintained revision history.

hello -- the statement  "This sk is not relevant to R80.30" was a copy/paste directly from the SK.

It's laughable some oneone @ CP updated the doc, removed the statement, and didn't update the revision history.   

Another word of caution.   If you use the revision history alone, there should be various red flags since last supposed edit was  [19 June 2017], which was before R80.20 (and many of the "newer" HTTPS inspection features for which I want "best practice" details -- use, performance, etc).   A reminder that various performance enhancements and features were recently available as hotfix to R80.20 (and maybe R80.10).   They are now native to R80.30.   

I have seen various comments by folks, including @Dorit_Dor, to avoid R80.10 because it's "inferior" compared to newer releases (so I'm effectively ignoring that gateway release for this discussion).

Hi Sir,

Regarding your comment:

 the statement  "This sk is not relevant to R80.30" was a copy/paste directly from the SK.

It's laughable some oneone @ CP updated the doc, removed the statement, and didn't update the revision history.   

I suspect you might be confusing this sk with a different one. The sk was last modified in February 2019 and it never included the statement This sk is not relevant to R80.30.

If you indeed confused this sk with a different one, please send me the correct SK ID and I will further look into this.

I will state, when reviewing the article, I don't find the mention about the version. That being said, when reading through, all the references seem to be associated with R77.30 and below (e.g. enhancements are based on R77.30). Additionally, all the linked documentation is for versions R77.30 or lower.

Going back to the OPs question, is there an updated version of this article that describes the enhancements for versions R80.10 and greater? If not, will there be? Are we relegated to researching all the release notes for each version to determine this? 

Hmmm.. That specific phrase, "This sk is not relevant to R80.30", can be found in sk104717: HTTPS Inspection Enhancements in R77.30 and above.

SK104717 is th e only hit I get from Google, other than this community discussion.

It does kind of make you wonder: shouldn't SK104717 be updated so that it does apply to R80.30 and above?

Just to clarify the items mentioned as enhancements in sk104717 with respect to R80.30:

• SSL Handshake Acceleration - on by default in R80.30
• Perfect Forward Secrecy (PFS) - on by default since R80.30
• Support for AES-GCM - still supported in R80.30
• Probe Bypass - replaced by a different and better implementation in R80.30
• HTTPS Inspection Test Mode - not relevant for production traffic

In any case, seems like a R80.30 specific SK on this topic might be warranted.

hello and thanks @PhoneBoy 

agreed on the separate HTTPS inspection SK (config, features, and tuning) especially considering R80.40 has further "enhancements" (or enchantments... lol). 

Hey @Dale_Lobb  you are absolutely correct.  I will update original post with clarification of my mistake. 

The underlying issues:   

1. HTTPS inspection will be ongoing issue in 2020 and beyond.  ever increasing % of total traffic.    problematic PKI issue for roll-out.   BYOD problems. 
2. more and more of effectiveness of CP threat prevention features will rely in HTTPS inspection.
3. CP doesn't charge for HTTPS inspection (nor should they) but because of this they seem to leave feature/how-to/best-practice documentation updates in low priority. 

Compare the following and neither updated for R80.30.   one specifically states it's NOT for R80.30.   This means customers (and resellers) have to call support for insight.  that's not good... 

From my reseller eyes, I always ask myself "how would the competition position against this?"   CP is making it too easy (for the competition).

@Ronen_Zel at least some of this should still apply to R80.30.

A new sk for R80.x is currently being worked on by the SK Team and should be published soon.

Thank you all for bringing this to our attention.

Hi,

Are they writting a New sk ? 

Or updating HTTPS inspection best practice sk ?