- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
I have configured checkpoint firewall, and having problems to access the online payment websites. All logs show that the traffic is passing through but the browser cannot display any pages. I have tried to add the policy to accept any traffic but still not able to access the sites. What can i be missing out?
Some concrete examples of:
Would be very helpful in providing you advice.
Also version of products involved (with patch levels).
Find my comments added below
1. Exact websites you were trying to access
2. Behaviors you saw (with screenshots)
All browsers are just showing TLS handshake and then times out
3. Exact rule configuration
Screenshot attached.
4. Is HTTPS Inspection enabled
yes it is enabled
5. Logs you saw
I have the log in TXT format and i dont have an option to attach to this message. Please share email so that i can send to you
6. Any other useful information
Running R80 with version 121. I was advised to apply the hotfix fw1_wrapper_HOTFIX_R80_10_JHF_121_SMACK_626_030_GA_FULL by the support team but did not work.
You are most likely not running R80 as this was not a gateway version, but actually R80.10 as suggested by the patch you mention.
The behavior suggests an issue negotiating HTTPS connections.
Log entries related to this might be there (particularly if HTTPS Inspection is enabled)--I would look for these.
tcpdumps of connections might also be interesting to look at.
Most likely to troubleshoot this much further, you're going to need assistance from the TAC.
Especially if they advised you to apply said patch and it didn't resolve the issue.
Thank you for the response. I have taken the issue with the TAC team.
Their response time is a bit slow but i hope they will be able to assist.
Regards
Narrah
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY