Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Arturxr
Explorer

Proxy error 502 (cannotconnect)

An error appears in the browser when accessing the Internet directly through a proxy to a specific URL, it says accept in the logs: Failed to load resource: the server responded with a status of 502 (cannotconnect). Tell me what could be the problem? what settings on checkpoint can be checked

0 Kudos
6 Replies
Sorin_Gogean
Advisor

The 5xx error are HTTPS related, as I know, so do you have HTTPS Inspection on that proxy ? 

Is the Proxy an CheckPoint appliance ? 

I remember that we encountered some issues, a loooong time ago, where the SSL encryption that the site was accepting did not match the ones from the CheckPoint GW, and we were doing HTTPS Inspection on the CKP GW.

(that was solved in newer versions, as it happened with R80.30 or smth)

Ty,

0 Kudos
Arturxr
Explorer

If you look from the Internet, then CheckPoint is the very first, behind it are proxies and then APMs. 
Tell me, what https settings need to be checked?

0 Kudos
Sorin_Gogean
Advisor

You still didn't respond to all my questions 😊

"do you have HTTPS Inspection on that proxy ?" - unanswered....

also, do you have HTTPS Inspection on the CKP GW ?

If you don't use the proxy, is the Internet access path going the same way through the CheckPoint GW, in that case you access the website properly ?!?!?!?

 

Ty,

PS: if you don't have HTTPS Inspection on CKP, then you need to look why the proxy can't negotiate with the other website....

0 Kudos
Arturxr
Explorer

There is no https verification on the proxy, there is on the checkpoint

0 Kudos
Sorin_Gogean
Advisor

please respond to all things we're asking, so we're not going in circles....

"If you don't use the proxy, is the Internet access path going the same way through the CheckPoint GW, in that case you access the website properly ?!?!?!? " 

 

If you check CKP Logs, do you see something on that particular traffic? 

You should be able to get some errors in the CKP Logs.....

0 Kudos
Arturxr
Explorer

I'm trying to get information about access directly through the checkpoint, as soon as I'll let you know, in the checkpoint logs we see that traffic to the resource is allowed by ip address. I think, try to allow access by url in the rule or add this resource to bypass and check access

0 Kudos