Hi Val,

That's the thing - I have no rule that allows HTTPS access to the firewall object. I even created a rule that explicitly blocks HTTPS access to the firewall object from non-internal networks (i.e. added internal networks to the cell, and negate), but it made no difference.

Also, there are no HTTPS-related Implied rules.

Andy - the URL filtering blade is not enabled on this gateway. I believe it requires a license (?).

Look in the logs please, there should be something for this access. 

Everything on CP requires a license, haha. Anyway, the reason why I said to add object Internet to the rule is because "any" means internal stuff as well and you dont want to block that.

First, an emergency can be tackled with an evaluation license. Second, I do not believe it is something related to URL filtering, it is a different configuration issue.

Adding complexity and trying to block it with URL filtering does not make sense. Lt's figure out simple things first.

True, but I never said its URL filtering related anyway. The reaosn why I brought it up in the first place is due to being able to use object "Internet", you have to have URLF enabled, thats all.

But I agree, checking the logs would be a good idea to start with.

I am testing this with an external computer that has a fixed IP.

In the logs, there are a few DROPs, either because 'First packet isn't SYN', or 'Dropped by multiportal infrastructure'. However, I cannot see any ACCEPTs.

EDIT: Just to clarify, no Rule Name/Number is associated with these DROPs.

Seen that sk before, makes sense.

I want to give it a try but for some reason the utility fails to connect (make sure that the server is up and running etc.). SmartConsole works just fine from this very computer/user ☹️

Can you confirm that traffic from TCP 18190 is being received on your management server from the computer in question (e.g. with tcpdump)?