Hi, I'm trying to use inbound https inspection with site category but I'm getting this error:
Internal system error in HTTPS Inspection (Error Code: 2)
If I remove the site category the inspection works fine, but this is not an option for me since all of my domains points to the same webserver.
My goal is to create a custom site+rule with the corresponding certificate for every domain.
This is the rule:
I'm using a non-standard port since the gateway is in AWS and the traffic is received from a load balancer. I have added the port in the Application Control & URL filtering Advanced Settings but the error persist.
It's necessary to enable the Application Control and/or URL filtering blades on the gateway for this to work? When I have tryed it I get the error "URL filtering blade is not responding" and I can not install policy.
Any hint will be apprecieted, thank you
Regards
Alex
OK, now I have to find the reason why I can not activate the blade...
Thank you!
EDIT: I dont know why but at second attempt I have been able to install policy and the error is gone. Now I have the Application control blade enabled but I'm still getting the "Internal system error in HTTPS Inspection (Error Code: 2)" message.
I keep investigating.
It's working.
I leave here my experience in case it is helpful to someone else:
I'm not sure if the fact that our web server works with SNI / virtualhost affects inspection in some way but, in my case, the inspection only works with Application Control and URL Filtering blades both enabled.
Only with AC I get Internal system error in HTTPS Inspection (Error Code: 2)
Trying to only enable URL Filtering the policy installation fails with "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000112)."
With both enabled, the inspection is working and the IPS is blocking correctly the HTTPS urls that match the IPS protections.
Now I'm stepping forward testing with two domains/rules:
When I test the first domain, the first rule matches the traffic and does the inspection.
When I test the second domain, the second rule does not match the traffic.
I'll keep updating.
| User | Count |
|---|---|
| 9 | |
| 9 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Tue 08 Jul 2025 @ 03:00 PM (CEST)
The Rise of Hybrid SASE: Beyond Cloud-Only Security Solutions EMEATue 08 Jul 2025 @ 05:00 PM (CEST)
Under the Hood: CloudGuard WAF API Security - Overview, Onboarding, and Best PracticesWed 16 Jul 2025 @ 10:00 AM (CEST)
Master GCP Security with the Cloud Architects Series (Multilingual Webinar)Wed 16 Jul 2025 @ 04:00 PM (CEST)
Operationalizing Threat Intelligence, Part II: Threat Hunting & Incident ResponseTue 08 Jul 2025 @ 03:00 PM (CEST)
The Rise of Hybrid SASE: Beyond Cloud-Only Security Solutions EMEATue 08 Jul 2025 @ 05:00 PM (CEST)
Under the Hood: CloudGuard WAF API Security - Overview, Onboarding, and Best PracticesWed 16 Jul 2025 @ 04:00 PM (CEST)
Operationalizing Threat Intelligence, Part II: Threat Hunting & Incident ResponseTue 22 Jul 2025 @ 10:00 AM (CEST)
Cyber Security Training in the Era of AI Threats: Managed SmartAwareness Explained - EMEA
