This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2021-08-25 05:21 PM

HTTPS inspection block page issue

Hey everyone,

 

I hope someone can shed some light on this and provide some suggestions : ). So, here is the situation.

Customer has R81 mgmt and R80.40 jumbo 120 HA cluster. All works fine, but for some odd reason, with https inspection enabled, pages are blocked as per desired categories, BUT, user check block page seems to work super random. So say you go to gambling site, it gets blocked on chrome, but not on safari on mac...then on windows, its also very random, really depends site you go to if blocked page notification comes up or not.

We verified all the rules, logs show correct action and categories, so Im really not sure how to troubleshoot this. We do have TAC case, but wanted to do proper testing myself first.

 

Not sure if this info is worth much, but say if you try facebook.com, it simply shows connection was reset, yet log shows facebook is blocked according to right rule. 

 

If someone could give any suggestions/guidance on this, would be greatly appreciated!!

 

Thanks as always.

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-08-25 06:20 PM

All of that sounds like some pages are NOT getting HTTPS Inspection applied as that is required for the block page to show up.
If HTTPS Inspection isn't enabled, or isn't happening for some reason, the only option to block a connection is a TCP RST.

0 Kudos
the_rock
Legend
Legend
‎2021-08-25 06:30 PM
In response to PhoneBoy

I agree with you 100%, but the question is why...any good approach to this behavior?

 

Thanks as always.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-25 06:39 PM
In response to the_rock

If it were me, I'd probably be looking at debugging wstlsd.
TAC may have some other suggestions as well.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

the_rock
Legend
Legend
‎2021-08-25 06:41 PM
In response to PhoneBoy

That sounds good...I may call into TAC tomorrow to see if they have any other suggestions. Tx!

 

A.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events