This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alejandro_Ferna
Explorer
‎2020-05-13 03:33 AM

Inbound HTTPS inspection with Site Category

Hi, I'm trying to use inbound https inspection with site category but I'm getting this error:

 

Internal system error in HTTPS Inspection (Error Code: 2)

 

If I remove the site category the inspection works fine, but this is not an option for me since all of my domains points to the same webserver.

My goal is to create a custom site+rule with the corresponding certificate for every domain.

This is the rule:

Captura de pantalla 2020-05-13 a las 12.07.57.png

I'm using a non-standard port since the gateway is in AWS and the traffic is received from a load balancer. I have added the port in the Application Control & URL filtering Advanced Settings but the error persist.

It's necessary to enable the Application Control and/or URL filtering blades on the gateway for this to work? When I have tryed it I get the error "URL filtering blade is not responding" and I can not install policy.

 

Any hint will be apprecieted, thank you

Regards

Alex

 

 

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2020-05-14 10:49 AM

Custom Applications/Sites require either App Control OR URL Filtering blade to be active.
For this specific use case, App Control is better.
0 Kudos
Alejandro_Ferna
Explorer
‎2020-05-15 12:16 AM
In response to PhoneBoy

OK, now I have to find the reason why I can not activate the blade...

Captura de pantalla 2020-05-15 a las 9.13.07.png

Thank you!

 

EDIT: I dont know why but at second attempt I have been able to install policy and the error is gone. Now I have the Application control blade enabled but I'm still getting the "Internal system error in HTTPS Inspection (Error Code: 2)" message.

I keep investigating.

 

0 Kudos
Alejandro_Ferna
Explorer
‎2020-05-15 04:41 AM
In response to PhoneBoy

It's working.

I leave here my experience in case it is helpful to someone else:

I'm not sure if the fact that our web server works with SNI / virtualhost affects inspection in some way but, in my case, the inspection only works with Application Control and URL Filtering blades both enabled.

Only with AC I get Internal system error in HTTPS Inspection (Error Code: 2)

Trying to only enable URL Filtering the policy installation fails with "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000112)."

With both enabled, the inspection is working and the IPS is blocking correctly the HTTPS urls that match the IPS protections.

 

Now I'm stepping forward testing with two domains/rules:

Captura de pantalla 2020-05-15 a las 13.35.27.png

When I test the first domain, the first rule matches the traffic and does the inspection.
When I test the second domain, the second rule does not match the traffic.

I'll keep updating.

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2020-05-15 05:50 AM
In response to Alejandro_Ferna

Not surprised, the APCL and URLF blades while separate, are heavily intertwined in both policy configuration and implementation since R75.40.  I've seen some odd behavior in my training lab when trying to enable only one of them.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
PhoneBoy
Admin
Admin
‎2020-05-15 12:42 PM
In response to Alejandro_Ferna

That sounds like a bug and is probably worth a TAC case (only having APCL and not URLF enabled results in error).
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events