R81.20 Inbound SSL inspection - custom application...

Zolo · ‎2025-05-19

Hello,

Is it poosible to filter SNI sites with custom application?

Source: Any(Internet clients)
Destination: SNI host Public IP
Service: HTTPS
Custom Application: mydomain.com object (Contain: mydomain.com, No Regex)
Action: Inspect
Certificate: mydomain.com cert (Contain: CN=example.com, SAN DNS: mydomain.com)

I tried with regex as well, with no luck.

Br,
Zolo

PhoneBoy · ‎2025-05-19

What version/JHF are you on?

As far as I know, this should work.
When you say "no luck" what is the exact behavior?
Please show screenshots of any log entries, behavior, etc (redact sensitive details).

Zolo · ‎2025-05-21

In the customer's environment the version is R81.20 JHF T99

But I tried in CP Demo Point (where I also upgraded to the latest version both the management and the gateway) with the same result.
"no luck" I ment that the result was the same, not worked.

I try to fnd some time to reproduce and I will post logs and screenshots.

the_rock · ‎2025-05-19

100% it does work. I dont have access to my lab to test it for couple weeks, but if you can send error or some sort of log, would help.

Andy

Zolo · ‎2025-05-21

There is no error, simply do not match to that rule.
If I define an another rule with connection Bypass that rule matches.

I try to fnd some time to reproduce and I will post logs and screenshots.

Are you a member of CheckMates?

R81.20 Inbound SSL inspection - custom applications are not working