This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sunil_Sah
Explorer
‎2022-04-14 06:11 AM

Issue with Https inspection

 We are facing issue with https inspection for all url 

and getting below error logs due to this unable to access the urls

 

 

Internal system error in HTTPS Inspection due to categorization service timeout

The probe was unable to establish a TCP connection to the destination

 

Bypassing request as configured in engine settings of HTTPS Inspection

0 Kudos
11 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-04-14 06:21 AM

Please supply additional information and or contact TAC to investigate further.

At a minimum... when we're trusted CAs last updated and what Gateway version &:JHF?

CCSM R77/R80/ELITE
0 Kudos
AaronCP
Advisor
Advisor
‎2022-04-14 02:20 PM
In response to Chris_Atkinson

Hi @Chris_Atkinson,

 

Is there any impact of updating the trusted CA list? Does it remove any CA's for any reason? Or simply add new ones?

 

Our trusted CA list hasn't been updated for a while (at least 2 years) and I'm reluctant to do it without knowing what happens.

 

Sorry to hijack the thread! Any advice would be much appreciated.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-04-14 02:35 PM
In response to AaronCP

Its 100% safe. I have done it probably more than 100 times and never had a problem. 

Andy

Best,
Andy
"Have a great day and if its not, change it"
AaronCP
Advisor
Advisor
‎2022-04-14 03:02 PM
In response to the_rock

Thanks......again! 🙂

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-04-14 03:05 PM
In response to AaronCP

For you, no charge, except iphone charge...thats corny joke of the day ; - )

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-04-14 07:15 AM

How is below configured?

Andy

Screenshot_1.png

Screenshot_2.png

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
(1)
Julian_Sanchez
Collaborator
‎2022-06-14 08:53 AM
In response to the_rock

This is the best practices of configurations for R81.10? 

 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-06-14 08:56 AM
In response to Julian_Sanchez

I believe so, its by default.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-04-14 07:27 AM

you might want to check this SK too (HTTPS Inspection log "Internal system error in HTTPS inspection due to categorization service error" in SmartConsole)

sk176925  

the_rock
MVP Diamond
MVP Diamond
‎2022-04-14 07:30 AM
In response to Kaspars_Zibarts

Good sk, hope that helps.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
jkougoulos
Participant
‎2023-04-27 02:36 AM
In response to Kaspars_Zibarts

we face the same issue in the last days, based on some troubleshooting I did, it looks like the backend of the categorization web site (cws.checkpoint.com) has various issues causing timeouts / 504 errors etc. I mean the sk might help a bit, but it looks like there is a performance issue on the service itself

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events