Issue on matching rules after upgrading to 81.10

Netadmin2020 · ‎2022-03-24

Hello guys,

after upgrading our gateways and secure management server to 81.10, there is suddenly a matching issue. I am attaching images.

Rules we working appropriate before the update. What are you proposing in this case? (images attached)

and in some cases I am seeing these:

Netadmin2020 · ‎2022-03-24

after going to 81.10, I am experiencing a new issue. Suddenly the is a matching issue on many destinations.Images attached.

Rules were working appropriate on 80.40...

G_W_Albrecht · ‎2022-03-25

I would suggest to contact TAC !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

PhoneBoy · ‎2022-03-25

Those drops are probably: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
The ones with HTTPS Inspection are probably related to the SNI probing we do to validate SNI (which can be spoofed).

Naama_Specktor · ‎2022-03-27

Hi @Netadmin2020

M name is Naama Specktor and I am checkpoint employee ,

If you opened a TAC SR , I will appreciate it if you will share the number .

thanks,

Naama

Netadmin2020 · ‎2022-03-27

I have already inform our partner for the current issue. I am little bit confused about https inspection and sni.Which is the best practice?

I am on 81.10, your proposal is to apply https bypass to everything and leave the sni to do the job?

PhoneBoy · ‎2022-03-28

HTTPS Inspection is needed to do full threat prevention and content inspection on encrypted traffic.

SNI is used to identify domains you are accessing without decrypting the connection.
It can also be used to determine whether or not a connection requires full HTTPS Inspection (i.e. as part of a bypass rule).

Are you a member of CheckMates?

Issue on matching rules after upgrading to 81.10