Hi, I just faced a strange issue, which hasn't ever occurred in my 10 years of working with Check Point.
We have a server that needs to access Apple resources. Sometimes it worked, sometimes it didn't.
The rulesets for NW & AppC are fine, everything is allowed.
We then realized that user privileges in HTTPS inspection ruleset caused the strange behavior.
By default, the server was bypassed -> with a bypass, it doesn't work.
As soon as a user logged in, it triggered an AR, which caused the connection to be inspected - and then it works.
We tried to analyze this, and definitely the behavior is the opposite of the behavior you'd usually expect:
A bypass doesn't work, an inspect works.
My only logical explanation would be that the cipher/protocol client settings of the internal server are not compatible with Apple - and that an "inspect" masks these settings to the outbound GW ciphers - and therefore "fixes" the connection.
But - the server is up-to-date, has proper settings, supports TLS1.2 & 1.3 with secure ciphers & everything else worked, except this one service.
Has anyone ever faced something like that or has an idea what could cause such a behavior?